openSUSE Security Update : nghttp2 (openSUSE-2019-2234) (Data Dribble) (Resource Loop)

This update for nghttp2 fixes the following issues : Security issues fixed : - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...

openSUSE Security Update : nghttp2 (openSUSE-2019-2232) (Data Dribble) (Resource Loop)

This update for nghttp2 fixes the following issues : Security issues fixed : - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...

Oracle Linux 8 : nodejs:10 (ELSA-2019-2925)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2925 advisory. nodejs-packaging 17-3 - Change Requires to Recommends on nodejs dependency, so it is usable for building nodejs Tenable has extracted the preceding...

Important: Red Hat Security Advisory: httpd24-httpd and httpd24-nghttp2 security update

An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

OPENSUSE-SU-2019:2232-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...

Important: Red Hat Security Advisory: rh-nodejs10-nodejs security update

An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security update for nghttp2 (moderate)

openSUSE Security Update: Security update for nghttp2 Announcement ID: openSUSE-SU-2019:2234-1 Rating: moderate References: 1112438 1125689 1134616 1146182 1146184 Cross-References: CVE-2019-9511 CVE-2019-9513 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has...

RHEL 8 : nodejs:10 (RHSA-2019:2925)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2925 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

Important: Red Hat Security Advisory: nodejs:10 security update

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs:10 security update

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...

RLSA-2019:2925 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.16.3. Security Fixes: HTTP/2: large amount of data requests leads to denial of...

Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.16.3. Security Fixes: HTTP/2: large amount of data requests leads to denial of...

Important: nginx

Issue Overview: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and...

Important: nghttp2

Issue Overview: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and...

EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2019-2094)

According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to...

EulerOS 2.0 SP8 : golang (EulerOS-SA-2019-2078)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an...

EulerOS 2.0 SP8 : nghttp2 (EulerOS-SA-2019-2083)

According to the version of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...

EulerOS 2.0 SP8 : nginx (EulerOS-SA-2019-2084)

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This...