Fedora Update for mod_http2 FEDORA-2018-9cdbb641f9

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for mod_http2 FEDORA-2019-0300c36537

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: mod_http2-1.14.1-1.fc30

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Fedora Update for mod_http2 FEDORA-2019-133a8a7cb5

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : curl (openSUSE-2019-435)

This update for curl to version 7.60.0 fixes the following issues : These security issues were fixed : - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies bsc1092094. - CVE-2018-1000301: Prevent buffer over-read that cou...

openSUSE Security Update : wireshark (openSUSE-2019-557)

This update for wireshark fixes the following issues : Security issues fixed : - CVE-2018-14342: BGP dissector large loop wnpa-sec-2018-34, boo1101777 - CVE-2018-14344: ISMP dissector crash wnpa-sec-2018-35, boo1101788 - CVE-2018-14340: Multiple dissectors could crash wnpa-sec-2018-36, boo1101804...

March Release: Q&A with Ari Weil

Shortly after Akamai announced the March 2019 Release with new features and capabilities across its security, performance and media product lines, Akamai's VP of Product Marketing, Ari Weil, took over Akamai's Twitter account for a live March Release Q&A. For those that missed the live event,...

[SECURITY] Fedora 28 Update: mod_http2-1.14.1-1.fc28

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

[SECURITY] Fedora 29 Update: mod_http2-1.14.1-1.fc29

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Apache -- vulnerability

The Apache httpd Project reports: SECURITY: CVE-2018-17199 modsession: modsessioncookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 modssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later. ...

Wireshark 2.6.x < 2.6.2 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.2 advisory. - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This...

Fedora 28 : curl (2018-bc65ab5014)

http2: mark the connection for close on GOAWAY - new upstream release 7.59.0 - FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000120 - LDAP NULL pointer dereference CVE-2018-1000121 - RTSP RTP buffer over-read CVE-2018-1000122 - ftp: fix typo in recursive callback detection for...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2018:1918-1)

This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed : - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http...

Proxygen Denial of Service Vulnerability

Facebook Proxygen is an open source C++ HTTP library from Facebook Inc. HTTP2 Parser is one of the HTTP2 Hypertext Transfer Protocol 2.0 parser. A security vulnerability exists in the handling of headers/trailers by HTTP2 Parser in versions prior to Facebook Proxygen 2018.12.31.00. An attacker...

Denial of service

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...

Design/Logic Flaw

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...

CVE-2018-6346

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...

CVE-2018-6346

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...

CVE-2018-6347

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00...

CVE-2018-6343

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...