Lucene search

K
suseSuseOPENSUSE-SU-2019:2234-1
HistoryOct 01, 2019 - 12:00 a.m.

Security update for nghttp2 (moderate)

2019-10-0100:00:00
lists.opensuse.org
151

EPSS

0.078

Percentile

94.3%

An update that solves two vulnerabilities and has three
fixes is now available.

Description:

This update for nghttp2 fixes the following issues:

Security issues fixed:

  • CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to
    resource loops, potentially leading to a denial of service (bsc#1146184).
  • CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to
    window size manipulation and stream prioritization manipulation,
    potentially leading to a denial of service (bsc#11461).

Bug fixes and enhancements:

  • Fixed mistake in spec file (bsc#1125689)
  • Fixed build issue with boost 1.70.0 (bsc#1134616)
  • Feature: Add W&S module (FATE#326776, bsc#1112438)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.0:

    zypper in -t patch openSUSE-2019-2234=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.0i586< - openSUSE Leap 15.0 (i586 x86_64):- openSUSE Leap 15.0 (i586 x86_64):.i586.rpm
openSUSE Leap15.0x86_64< - openSUSE Leap 15.0 (i586 x86_64):- openSUSE Leap 15.0 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.0x86_64< - openSUSE Leap 15.0 (x86_64):- openSUSE Leap 15.0 (x86_64):.x86_64.rpm