SUSE-SU-2019:2329-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering bsc1145575. - CVE-2019-10081: Fixed modhttp2 that is vulnerable to memory corruption on early pushes bsc1145742. -...

SUSE-SU-2019:2309-1 Security update for nginx

This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...

SUSE-SU-2019:2259-1 Security update for nodejs10

This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. -...

Fedora Update for mod_http2 FEDORA-2019-4427fd65be

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for mod_http2 FEDORA-2019-63ba15cc83

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: mod_http2-1.15.3-2.fc30

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

[SECURITY] Fedora 29 Update: mod_http2-1.15.3-2.fc29

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

HTTP2 Vulnerabilities

On Tuesday, August 13th at 10 AM Pacific Time 1700UTC, Netflix publicly disclosed a series of vulnerabilities found by Jonathan Looney that impact many implementations of the HTTP2 protocol. A vulnerability found by Piotr Sikora of Google was also released...

The vulnerability of the mod_http2 module in the Apache HTTP Server allows a attacker to cause a service failure or gain access to confidential information.

The vulnerability of the modhttp2 module in the Apache HTTP Server is related to the use of memory after deallocation. Exploiting this vulnerability can allow a malicious actor to cause service failures or gain access to confidential information by sending specially crafted requests...

Fedora Update for mod_http2 FEDORA-2019-c7187e6dc7

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: mod_http2-1.15.1-1.fc29

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Apache Tomcat reserveWindowSize Denial-Of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Apache Tomcat. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP2 requests. A crafted HTTP2 request can create a...

[SECURITY] Fedora 30 Update: mod_http2-1.15.0-1.fc30

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Fedora Update for mod_http2 FEDORA-2019-08e57d15fd

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for mod_http2 FEDORA-2018-9cdbb641f9

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for mod_http2 FEDORA-2019-0300c36537

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: mod_http2-1.14.1-1.fc30

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Fedora Update for mod_http2 FEDORA-2019-133a8a7cb5

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : curl (openSUSE-2019-435)

This update for curl to version 7.60.0 fixes the following issues : These security issues were fixed : - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies bsc1092094. - CVE-2018-1000301: Prevent buffer over-read that cou...

openSUSE Security Update : wireshark (openSUSE-2019-557)

This update for wireshark fixes the following issues : Security issues fixed : - CVE-2018-14342: BGP dissector large loop wnpa-sec-2018-34, boo1101777 - CVE-2018-14344: ISMP dissector crash wnpa-sec-2018-35, boo1101788 - CVE-2018-14340: Multiple dissectors could crash wnpa-sec-2018-36, boo1101804...