[SECURITY] Fedora 28 Update: nghttp2-1.31.1-1.fc28

This package contains the HTTP/2 client, server and proxy programs...

Design/Logic Flaw

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure...

CVE-2017-6155

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure...

CVE-2017-6155

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure...

Microsoft Windows Multiple Vulnerabilities (KB4093111)

This host is missing a critical security update according to Microsoft KB4093111 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Node.js: HTTP/2 Denial of Service Vulnerability

Summary: Malformed HTTP/2 frames cause NodeJS http2 module to perform an uninitialized read. This results in a segmentation fault of the node process, causing a denial of service for all users of the instance. Description: I have already worked extensively with the nodejs core security team on th...

HTTP/2 Server Denial of Service Vulnerability

A denial of service vulnerability exists in the HTTP/2 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. ...

Apache HTTP Server Denial of Service Vulnerability (Apr 2018) - Linux

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server Denial of Service Vulnerability (Apr 2018) - Windows

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1

March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in modcachesocache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

Null pointer dereference

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

KLA12361 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in modcachesocache...

Amazon Linux AMI : curl (ALAS-2018-951)

Out-of-bounds read in code handling HTTP/2 trailers : libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. Th...

Important: curl

Issue Overview: Out-of-bounds read in code handling HTTP/2 trailers: libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less th...