Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.1 security update
An update is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 security update
Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: skupper-cli and skupper-router security update
An update for skupper-cli and skupper-router is now available for Service Interconnect 1 for RHEL 8 and Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.3 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
SUSE-SU-2023:4199-1 Security update for nghttp2
This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack (bsc#1216174)...
Fedora: Security Advisory for mod_http2 (FEDORA-2023-0259c3f26f)
The remote host is missing an update for the...
go-toolset:rhel8 security update
An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...
[SECURITY] Fedora 38 Update: mod_http2-2.0.25-1.fc38
The mod_h2 Apache httpd module implements the HTTP/2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
RHEL 9 : toolbox (RHSA-2023:6077)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6077 advisory. The rhel9/toolbox container image can be used with Toolbox to obtain RHEL-based containerized command line environments to aid with...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-395)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-395 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Amazon Linux 2023 : runc (ALAS2023-2023-396)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-396 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Important: Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update
This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
AZL-45147 CVE-2023-45802 affecting package mod_http2 for versions less than 2.0.29-3
When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...
DEBIAN-CVE-2023-43622
An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in...
Important: Red Hat Security Advisory: Logging Subsystem 5.7.7 - Red Hat OpenShift security update
Logging Subsystem 5.7.7 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Amazon Linux 2 : runc (ALASDOCKER-2023-033)
The version of runc installed on the remote host is prior to 1.1.7-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2023-033 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2023-032)
The version of runc installed on the remote host is prior to 1.1.7-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-032 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many...
Amazon Linux 2 : docker (ALASDOCKER-2023-031)
The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-031 advisory. 2025-03-03: CVE-2023-29409 was added to this advisory. 2024-05-09: CVE-2022-41723 was added to this advisory...
CLSA-2023-1697742355 Fix CVE(s): CVE-2023-44487
SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...