httpd24-nghttp2-1.7.1-11.0.1.el7
エラータID: AXSA:2024-7351:01
リリース日:
2024/01/11 Thursday - 01:02
題名:
httpd24-nghttp2-1.7.1-11.0.1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
httpd24-nghttp2 is a library implementing the Hypertext Transfer Protocol
version 2 (HTTP/2) protocol in C.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack
(Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption)
because request cancellation can reset many streams quickly, as exploited in the
wild in August through October 2023.
解決策:
Update packages.
CVE:
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
追加情報:
N/A
ダウンロード:
SRPMS
- httpd24-nghttp2-1.7.1-11.0.1.el7.src.rpm
MD5: 5d303c70a5550df073ba2e355e0901b8
SHA-256: 8cb7f4b9c93775cf7e4043f016cc0a2a4940b0a3500e41681799b0848b6cd68d
Size: 1.36 MB
Asianux Server 7 for x86_64
- httpd24-libnghttp2-1.7.1-11.0.1.el7.x86_64.rpm
MD5: 2f9ccd1f3534f6f3057923a91f0b7a30
SHA-256: 19ac3a1597e7aeb3c12e8e0dba4a84f4f1e4c59f73da85fb3781e2f2fe994935
Size: 62.15 kB - httpd24-libnghttp2-devel-1.7.1-11.0.1.el7.x86_64.rpm
MD5: 1b577d4e8fb7e9d5e76f9a456d60fdbe
SHA-256: 6a55d9c9bac573eee621fed3a4701ac2821ada2cbcf36d05a3366bae7946d935
Size: 45.23 kB - httpd24-nghttp2-1.7.1-11.0.1.el7.x86_64.rpm
MD5: 0b8098a5d1e93645c1e765e44eb7ce50
SHA-256: 7d9b772aa69b5cfd6dd7105f3c50c5ecdcaa4923f2969ffd864579aa89d42899
Size: 4.21 kB