
4428 matches found

Tenable Nessus
added 2024/05/02 12:0 a.m. | 30 views

RHCOS 4 : OpenShift Container Platform 4.15.10 (RHSA-2024:1892)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1892 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 Note that Nessus has not tested for this...

CVSS: 7.5 | AI score: 7 | EPSS: 0.64852 | Exploits: 1 | References: 4

Tenable Nessus
added 2024/05/02 12:0 a.m. | 41 views

RHCOS 4 : OpenShift Container Platform 4.14.22 (RHSA-2024:1897)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1897 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 - golang-fips/openssl: Memory lea...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.64852 | Exploits: 1 | References: 6

Tenable Nessus
added 2024/05/01 12:0 a.m. | 31 views

CentOS 7 : rhc-worker-script (RHSA-2024:2625)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK sta...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.64852 | Exploits: 1 | References: 2

Debian
added 2024/04/30 9:29 p.m. | 319 views

[SECURITY] [DLA 3804-1] nghttp2 security update

Debian LTS Advisory DLA-3804-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin April 30, 2024 https://wiki.debian.org/LTS Package : nghttp2 Version : 1.36.0-2+deb10u3 CVE ID : CVE-2024-28182 Debian Bug : 1068415 Bartek Nowotarski discovered that nghttp2, a set of...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.24971 | Exploits: 1

AlmaLinux
added 2024/04/30 12:0 a.m. | 41 views

Moderate: mod_http2 security update

The mod_http2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: mod_http2: DoS in HTTP/2 with initial window size 0 CVE-2023-43622 mod_http2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For mo...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.944 | Exploits: 20 | References: 6

Amazon
added 2024/04/30 12:0 a.m. | 55 views

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage ...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.24971 | Exploits: 1

Tenable Nessus
added 2024/04/30 12:0 a.m. | 41 views

RHEL 9 : golang (RHSA-2024:2562)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2562 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.64852 | Exploits: 1 | References: 16

Tenable Nessus
added 2024/04/30 12:0 a.m. | 33 views

Amazon Linux 2 : mod_http2 (ALAS-2024-2524)

The version of mod_http2 installed on the remote host is prior to 1.15.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2524 advisory. HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.87555 | Exploits: 2 | References: 4

Amazon
added 2024/04/30 12:0 a.m. | 52 views

Important: mod_http2

Issue Overview: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-27316 Affected Packages: mod_http2 Note: This advisory is...

CVSS: 7.5 | AI score: 7 | EPSS: 0.87555 | Exploits: 2

Tenable Nessus
added 2024/04/30 12:0 a.m. | 17 views

RHEL 7 : rhc-worker-script (RHSA-2024:2625)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. The rhc-worker-script packages provide Remote Host Configuration rhc worker for executing an interpreted programming language script on hosts managed...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.64852 | Exploits: 1 | References: 6

Tenable Nessus
added 2024/04/30 12:0 a.m. | 31 views

Amazon Linux 2 : firefox (ALASFIREFOX-2024-024)

The version of firefox installed on the remote host is prior to 115.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-024 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript...

CVSS: 8.8 | AI score: 8 | EPSS: 0.01405 | Exploits: 1 | References: 16

Tenable Nessus
added 2024/04/29 12:0 a.m. | 44 views

Fedora 40 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-acbee8f31a)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-acbee8f31a advisory. Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 Tenable has extracted the preceding description block directly...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.944 | Exploits: 19 | References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. | 26 views

Fedora 39 : golang-helm-3 (2023-46c95e2c57)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-46c95e2c57 advisory. Automatic update for golang-helm-3-3.11.1-1.fc39. Changelog Tue Feb 21 2023 Davide Cavalca - 3.11.1-1 - Update to 3.11.1; Fixes: RHBZ1977738,...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.00963 | Exploits: 1 | References: 5

Tenable Nessus
added 2024/04/29 12:0 a.m. | 25 views

Fedora 40 : nodejs20 (2024-2ffe03eaa6)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2ffe03eaa6 advisory. 2024-04-03, Version 20.12.1 'Iron' LTS, @RafaelGSS This is a security release Notable Changes CVE-2024-27983 - Assertion failed in...

CVSS: 8.2 | AI score: 7.3 | EPSS: 0.75933 | Exploits: 1 | References: 3

Tenable Nessus
added 2024/04/29 12:0 a.m. | 24 views

Fedora 40 : trafficserver (2024-111a8a624b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-111a8a624b advisory. Update to upstream 9.2.4, resolves CVE-2024-31309 CONTINUATION frames DoS Tenable has extracted the preceding description block directly from the...

CVSS: 7.5 | AI score: 8 | EPSS: 0.10847 | Exploits: 1 | References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. | 31 views

Fedora 40 : dnsx (2023-2e09477fbc)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2e09477fbc advisory. Automatic update for dnsx-1.1.6-1.fc40. Changelog Thu Nov 16 2023 Mikel Olasagasti Uranga - 1.1.6-1 - Update to 1.1.6 - Closes rhbz2249448 rhbz2248264 Tenabl...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0015 | Exploits: 0 | References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. | 18 views

Fedora 40 : golang-github-colinmarc-hdfs-2 (2023-791e2dc6cb)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-791e2dc6cb advisory. Automatic update for golang-github-colinmarc-hdfs-2-2.4.0-1.fc40. Changelog Thu Oct 12 2023 Mikel Olasagasti Uranga - 2.4.0-1 - Update to 2.4.0 - Closes...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00331 | Exploits: 0 | References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. | 26 views

Fedora 40 : gh (2023-5852a1cc3f)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5852a1cc3f advisory. Automatic update for gh-2.39.1-1.fc40. Changelog Wed Nov 15 2023 Mikel Olasagasti Uranga - 2.39.1-1 - Update to 2.39.1 - Closes rhbz2249773 rhbz2248270 Tenab...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0015 | Exploits: 0 | References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. | 33 views

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:1962)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1962 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 Tenable has extracted the preceding description block directly fro...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.64852 | Exploits: 1 | References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m. | 22 views

Fedora 40 : doctl (2023-72ab10f1de)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-72ab10f1de advisory. Automatic update for doctl-1.101.0-2.fc40. Changelog Sat Dec 9 2023 Mikel Olasagasti Uranga - Update to 1.101.0 - Closes rhbz2253730 rhbz2248265 Tenable has...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0015 | Exploits: 0 | References: 2