Lucene search
SuseOPENSUSE-SU-2019:2072-1HistorySep 05, 2019 - 12:00 a.m.
Security update for go1.11 (moderate)
2019-09-0500:00:00
lists.opensuse.org
92
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for go1.11 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in
unbounded memory growth (bsc#1146111). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset
flood, potentially leading to a denial of service (bsc#1146115). - CVE-2019-14809: Fixed malformed hosts in URLs that leads to
authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.11.13 (bsc#1141688).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2072=1
-
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-2072=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.0 | x86_64 | < - openSUSE Leap 15.0 (x86_64): | - openSUSE Leap 15.0 (x86_64):.x86_64.rpm |
Related
nessus
nessus
openvas
openvas
openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2130-1)
2020-01-09 00:00:00
openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2000-1)
2020-01-09 00:00:00
Fedora Update for golang FEDORA-2019-55d101a740
2019-09-07 00:00:00
archlinux
archlinux
[ASA-201908-15] go: multiple issues
2019-08-24 00:00:00
[ASA-201908-16] go-pie: multiple issues
2019-08-24 00:00:00
suse
suse
Security update for go1.12 (moderate)
2019-09-02 00:00:00
Security update for go1.12 (moderate)
2019-09-14 00:00:00
Security update for go1.12 (moderate)
2019-09-07 00:00:00
osv
osv
golang-1.11 - security update
2019-08-18 00:00:00
CVE-2019-9514
2019-08-13 21:15:12
Reset flood in net/http and golang.org/x/net/http
2022-08-01 22:20:53
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.12.9-alt1
2019-08-19 00:00:00
Security fix for the ALT Linux 10 package kubernetes version 1.15.3-alt1
2019-09-26 00:00:00
Security fix for the ALT Linux 10 package traefik version 1.7.14-alt1
2019-08-23 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: golang-1.12.9-1.fc30
2019-09-06 12:35:05
[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30
2019-10-09 16:54:30
[SECURITY] Fedora 30 Update: golang-1.12.13-1.fc30
2019-11-12 02:09:13
amazon
amazon
Important: golang
2019-08-23 16:58:00
Important: golang
2019-08-23 03:20:00
Medium: golang
2019-10-08 21:46:00
mageia
mageia
Updated golang packages fix security vulnerabilities
2019-09-07 00:09:08
Updated golang-googlecode-net package fixes security vulnerabilities
2020-12-22 00:47:06
debian
debian
[SECURITY] [DSA 4503-1] golang-1.11 security update
2019-08-18 18:25:11
[SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update
2020-12-08 22:15:45
[SECURITY] [DSA 4508-1] h2o security update
2019-08-24 14:44:01
ibm
ibm
rocky
rocky
container-tools:1.0 security update
2019-12-17 09:20:02
container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
redhat
redhat
(RHSA-2020:0406) Important: containernetworking-plugins security update
2020-02-04 18:54:49
(RHSA-2019:3906) Important: OpenShift Container Platform 3.11 HTTP/2 security update
2019-11-18 16:18:29
(RHSA-2019:2726) Important: go-toolset:rhel8 security and bug fix update
2019-09-10 10:40:48
almalinux
almalinux
Important: container-tools:1.0 security update
2019-12-17 09:20:02
Important: container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
freebsd
freebsd
traefik -- Denial of service in HTTP/2
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
oraclelinux
oraclelinux
go-toolset:rhel8 security and bug fix update
2019-09-17 00:00:00
container-tools:1.0 security update
2020-01-03 00:00:00
container-tools:ol8 security and bug fix update
2020-04-15 00:00:00
arista
arista
Security Advisory 0043
2019-11-06 00:00:00
github
github
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
2022-03-14 22:45:11
golang.org/x/net/http vulnerable to ping floods
2022-05-24 16:53:17
golang.org/x/net/http vulnerable to a reset flood
2022-05-24 16:53:19
ubuntu
ubuntu
Netty vulnerabilities
2021-06-29 00:00:00
redhatcve
redhatcve
CVE-2019-14809
2019-08-19 07:51:16
CVE-2019-9514
2021-08-01 15:46:55
ubuntucve
ubuntucve
CVE-2019-14809
2019-08-13 00:00:00
cve
cve
debiancve
debiancve
CVE-2019-14809
2019-08-13 21:15:00
CVE-2019-9512
2019-08-13 21:15:00
alpinelinux
alpinelinux
attackerkb
attackerkb
CVE-2019-14809
2019-08-13 00:00:00
prion
prion
Authorization
2019-08-13 21:15:00
Design/Logic Flaw
2019-08-13 21:15:00
veracode
veracode
Authorization Bypass
2019-08-14 05:59:46
Denial Of Service (DoS) Via Ping Floods
2019-09-04 08:20:27
Denial Of Service (DoS) Via Reset Signal Floods
2019-09-04 12:13:52
apple
apple
About the security content of SwiftNIO HTTP/2 1.5.0 - Apple Support
2019-08-13 06:09:21
About the security content of SwiftNIO HTTP/2 1.5.0
2019-08-13 00:00:00
gitlab
gitlab
Allocation of Resources Without Limits or Throttling
2022-05-24 00:00:00
Uncontrolled Resource Consumption
2022-05-24 00:00:00
Uncontrolled Resource Consumption
2022-05-24 00:00:00
f5
f5
K98053339 : HTTP/2 Ping Flood vulnerability CVE-2019-9512
2019-08-20 00:00:00
K01988340 : HTTP/2 Reset Flood vulnerability CVE-2019-9514
2019-08-20 00:00:00
wolfi
wolfi
CVE-2019-9512 vulnerabilities
2024-04-23 03:07:01
CVE-2019-9514 vulnerabilities
2024-04-23 03:07:01
cgr
cgr
CVE-2019-9514 vulnerabilities
2024-04-23 03:13:53
CVE-2019-9512 vulnerabilities
2024-04-23 03:13:53
symantec
symantec
Microsoft Windows 'HTTP.sys' CVE-2019-9514 Denial of Service Vulnerability
2019-08-13 00:00:00
Microsoft Windows 'HTTP.sys' CVE-2019-9512 Denial of Service Vulnerability
2019-08-13 00:00:00
mscve
mscve
HTTP/2 Server Denial of Service Vulnerability
2019-08-13 07:00:00
HTTP/2 Server Denial of Service Vulnerability
2019-08-13 07:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0298
2022-12-14 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related for OPENSUSE-SU-2019:2072-1