
Security vulnerabilities in the SwiftNIO software package


APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size
management.
CVE-2019-9512: Jonathan Looney of Netflix
CVE-2019-9514: Jonathan Looney of Netflix
CVE-2019-9515: Jonathan Looney of Netflix
CVE-2019-9516: Jonathan Looney of Netflix

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume excessive CPU resources when
receiving certain traffic patterns
Description: This issue was addressed with improved input validation.
CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team

Installation note:

SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222 and
https://github.com/apple/swift-nio-http2/releases/tag/1.5.0.

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/