OPENSUSE-SU-2019:2085-1 Security update for go1.12

This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth bsc1146111. - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of...

Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12 Announcement ID: openSUSE-SU-2019:2085-1 Rating: moderate References: 1139210 1141689 1146111 1146115 1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: openSUSE Leap 15.1 An update that solves three...

Updated golang packages fix security vulnerabilities

Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently...

MGASA-2019-0251 Updated golang packages fix security vulnerabilities

Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently...

SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

This update for nginx fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. CVE-2019-9516: Fixed a denial of...

openSUSE: Security Advisory for go1.11 (openSUSE-SU-2019:2072-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : go1.11 (openSUSE-2019-2072) (Ping Flood) (Reset Flood)

This update for go1.11 fixes the following issues : Security issues fixed : - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth bsc1146111. - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial o...

Security update for go1.11 (moderate)

openSUSE Security Update: Security update for go1.11 Announcement ID: openSUSE-SU-2019:2072-1 Rating: moderate References: 1141688 1146111 1146115 1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that solves...

Denial Of Service (DoS) Via Reset Signal Floods

github.com/grpc/grpc-go is vulnerable to denial of service DoS attacks. The attack can be triggered by sending a flood of reset signals by a HTTP/2 peer, leading to an excessive data queue and causing high CPU and resource consumption...

Denial Of Service (DoS) Via Ping Floods

github.com/grpc/grpc-go is vulnerable to denial of service DoS attacks. The attack can be triggered by sending a flood of pings by a HTTP/2 peer, leading to an excessive data queue and causing high CPU and resource consumption...

openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:2051-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Debian DSA-4511-1 : nghttp2 - security update (Data Dribble) (Resource Loop)

Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2 HTTP server, which could result in denial of service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4511. The text itself is copyright C...

openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2056-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

This update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. CVE-2019-9512...

HTTP/2 Multiple DoS Attacks (VU#605641)

Improper implementations of the HTTP/2 protocol can lead to a variety denial-of-service DoS attacks...

openSUSE Security Update : go1.12 (openSUSE-2019-2056) (Ping Flood) (Reset Flood)

This update for go1.12 fixes the following issues : Security issues fixed : - CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth bsc1146111. - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial o...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

This update for nodejs8 to version 8.16.1 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. CVE-2019-9512:...

OPENSUSE-SU-2019:2051-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering bsc1145575. - CVE-2019-10081: Fixed modhttp2 that is vulnerable to memory corruption on early pushes bsc1145742. -...

SUSE-SU-2019:2260-1 Security update for nodejs8

This update for nodejs8 to version 8.16.1 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. - CVE-2019-9512...

Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12 Announcement ID: openSUSE-SU-2019:2056-1 Rating: moderate References: 1139210 1141689 1146111 1146115 1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that...