nghttp2-1.33.0-6.el8_10.1
エラータID: AXSA:2024-8517:02
リリース日:
2024/07/04 Thursday - 18:52
題名:
nghttp2-1.33.0-6.el8_10.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- nghttp2 の HTTP/2 プロトコルスタックには、
HPACK コンテキストのストリームのリセット後も
HTTP/2 CONTINUATION フレームを読み取り続けて
しまう問題があるため、リモートの攻撃者により、
細工されたパケットの送信を介して、サービス拒否
攻撃 (CPU リソースおよびメモリの枯渇) を可能と
する脆弱性が存在します。(CVE-2024-28182)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- nghttp2-1.33.0-6.el8_10.1.src.rpm
MD5: 973149339c2361b7e0a6a79f0eac909d
SHA-256: 248f2fc73ee5d2a90d55bea69a9b788d94156c377ddfa6fe28cbb9d7248048e6
Size: 1.51 MB
Asianux Server 8 for x86_64
- libnghttp2-1.33.0-6.el8_10.1.i686.rpm
MD5: cdb4fdbd69cd0feaa475a2a660b8bdd8
SHA-256: efc247cbb422bbaa34e256891179f1e06406996951c1cbdfbacb048dd883b18b
Size: 83.54 kB - libnghttp2-1.33.0-6.el8_10.1.x86_64.rpm
MD5: 3633a1696b5f40c56c234fc16d4990ee
SHA-256: 6385ef8918711ad3c9c691e177c2fca985bacbdf99a883f83272e815aae3f023
Size: 77.25 kB - libnghttp2-devel-1.33.0-6.el8_10.1.i686.rpm
MD5: 5776cdb55e20b771826392b4fb281616
SHA-256: ce412d4b56d5068ca47ea52474a917dc4f942e03035b280330710ec89408ccd7
Size: 59.96 kB - libnghttp2-devel-1.33.0-6.el8_10.1.x86_64.rpm
MD5: b117dd417852ddf718729d6c31a6f178
SHA-256: 22300dece7b11ea6fdc98f457a9d8672059fca9a556463db4426f5bb110deb8f
Size: 59.94 kB - nghttp2-1.33.0-6.el8_10.1.x86_64.rpm
MD5: cf11946732c04312740cb1ef79ce1cfa
SHA-256: 73403adf10fe742bda6c01ad2ba879ae7c19e229e7e7f82afa897f0656d567ba
Size: 597.73 kB
English