mod_http2-2.0.26-2.el9_4.1
エラータID: AXSA:2024-8954:04
Release date:
Tuesday, November 5, 2024 - 11:13
Subject:
mod_http2-2.0.26-2.el9_4.1
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
Low
Description:
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
* mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-36387
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Solution:
Update packages.
CVEs:
CVE-2024-36387
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Additional Info:
N/A
Download:
SRPMS
- mod_http2-2.0.26-2.el9_4.1.src.rpm
MD5: 6cb5ff5dffca12326b1c4e7a6964f960
SHA-256: f839bef3e8892d8128c126c73e89f3ecb244b374c9ec9c093a48b391cc920a57
Size: 1.01 MB
Asianux Server 9 for x86_64
- mod_http2-2.0.26-2.el9_4.1.x86_64.rpm
MD5: e9aef9c510bb7fa01908006f3a430116
SHA-256: c55b2ea4caa5cd1d41377676e39fc3aee56a35cbf3dab9b3f1d8367b514c02ab
Size: 162.47 kB