openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2019:2114-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
RHEL 8 : go-toolset:rhel8 (RHSA-2019:2726)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2726 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: HTTP/2: flood usin...
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0171)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence...
openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). -...
RHEL 7 / 8 : Red Hat OpenShift Container Platform 4.1 openshift RPM (RHSA-2019:2661)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2661 advisory. Both the openshift and atomic-enterprise-service-catalog packages have been rebuilt with updated versions of golang. The golang packages...
Debian: Security Advisory (DSA-4520-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-4128-1: Tomcat vulnerabilities
It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing...
Important: Red Hat Security Advisory: go-toolset-1.11 and go-toolset-1.11-golang security update
An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
OPENSUSE-SU-2019:2115-1 Security update for nodejs8
This update for nodejs8 to version 8.16.1 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.1.14 security and bug fix update
An update is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Security update for nodejs8 (important)
openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-2019:2115-1 Rating: important References: 1144919 1146090 1146091 1146093 1146094 1146095 1146097 1146099 1146100 Cross-References: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-951...
Security update for nginx (important)
openSUSE Security Update: Security update for nginx Announcement ID: openSUSE-SU-2019:2120-1 Rating: important References: 1115015 1115022 1115025 1145579 1145580 1145582 Cross-References: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Affected Products:...
Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)
Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service. The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is...
Security update for nodejs10 (important)
openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2019:2114-1 Rating: important References: 1146090 1146091 1146093 1146094 1146095 1146097 1146099 1146100 Cross-References: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516...
[SECURITY] [DSA 4520-1] trafficserver security update
Debian Security Advisory DSA-4520-1 https://www.debian.org/security/ Moritz Muehlenhoff September 09, 2019 https://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:2329-1) (Internal Data Buffering)
This update for apache2 fixes the following issues: Security issues fixed: CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained internal data buffering (bsc#1145575). CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742)...
openSUSE Security Update : go1.12 (openSUSE-2019-2085) (Ping Flood) (Reset Flood)
This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial o...
MGASA-2019-0260 Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...
Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...