nghttp2-1.33.0-6.el8_10.1

エラータID: AXSA:2024-8517:02

Release date: 
Thursday, July 4, 2024 - 18:52
Subject: 
nghttp2-1.33.0-6.el8_10.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. nghttp2-1.33.0-6.el8_10.1.src.rpm
    MD5: 973149339c2361b7e0a6a79f0eac909d
    SHA-256: 248f2fc73ee5d2a90d55bea69a9b788d94156c377ddfa6fe28cbb9d7248048e6
    Size: 1.51 MB

Asianux Server 8 for x86_64
  1. libnghttp2-1.33.0-6.el8_10.1.i686.rpm
    MD5: cdb4fdbd69cd0feaa475a2a660b8bdd8
    SHA-256: efc247cbb422bbaa34e256891179f1e06406996951c1cbdfbacb048dd883b18b
    Size: 83.54 kB
  2. libnghttp2-1.33.0-6.el8_10.1.x86_64.rpm
    MD5: 3633a1696b5f40c56c234fc16d4990ee
    SHA-256: 6385ef8918711ad3c9c691e177c2fca985bacbdf99a883f83272e815aae3f023
    Size: 77.25 kB
  3. libnghttp2-devel-1.33.0-6.el8_10.1.i686.rpm
    MD5: 5776cdb55e20b771826392b4fb281616
    SHA-256: ce412d4b56d5068ca47ea52474a917dc4f942e03035b280330710ec89408ccd7
    Size: 59.96 kB
  4. libnghttp2-devel-1.33.0-6.el8_10.1.x86_64.rpm
    MD5: b117dd417852ddf718729d6c31a6f178
    SHA-256: 22300dece7b11ea6fdc98f457a9d8672059fca9a556463db4426f5bb110deb8f
    Size: 59.94 kB
  5. nghttp2-1.33.0-6.el8_10.1.x86_64.rpm
    MD5: cf11946732c04312740cb1ef79ce1cfa
    SHA-256: 73403adf10fe742bda6c01ad2ba879ae7c19e229e7e7f82afa897f0656d567ba
    Size: 597.73 kB