You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa nghttp2

Sigurnosni nedostatak programskog paketa nghttp2

openSUSE Security Update: Security update for nghttp2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0379-1
Rating: moderate
References: #1159003 #1166481
Cross-References: CVE-2019-18802
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for nghttp2 fixes the following issues:

nghttp2 was update to version 1.40.0 (bsc#1166481)

– lib: Add nghttp2_check_authority as public API
– lib: Fix the bug that stream is closed with wrong error code
– lib: Faster huffman encoding and decoding
– build: Avoid filename collision of static and dynamic lib
– build: Add new flag ENABLE_STATIC_CRT for Windows
– build: cmake: Support building nghttpx with systemd
– third-party: Update neverbleed to fix memory leak
– nghttpx: Fix bug that mruby is incorrectly shared between backends
– nghttpx: Reconnect h1 backend if it lost connection before sending
headers
– nghttpx: Returns 408 if backend timed out before sending headers
– nghttpx: Fix request stal

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-379=1

Package List:

– openSUSE Leap 15.1 (i586 x86_64):

libnghttp2-14-1.40.0-lp151.3.6.1
libnghttp2-14-debuginfo-1.40.0-lp151.3.6.1
libnghttp2-devel-1.40.0-lp151.3.6.1
libnghttp2_asio-devel-1.40.0-lp151.3.6.1
libnghttp2_asio1-1.40.0-lp151.3.6.1
libnghttp2_asio1-debuginfo-1.40.0-lp151.3.6.1
nghttp2-1.40.0-lp151.3.6.1
nghttp2-debuginfo-1.40.0-lp151.3.6.1
nghttp2-debugsource-1.40.0-lp151.3.6.1
nghttp2-python-debugsource-1.40.0-lp151.3.6.1
python3-nghttp2-1.40.0-lp151.3.6.1
python3-nghttp2-debuginfo-1.40.0-lp151.3.6.1

– openSUSE Leap 15.1 (x86_64):

libnghttp2-14-32bit-1.40.0-lp151.3.6.1
libnghttp2-14-32bit-debuginfo-1.40.0-lp151.3.6.1
libnghttp2_asio1-32bit-1.40.0-lp151.3.6.1
libnghttp2_asio1-32bit-debuginfo-1.40.0-lp151.3.6.1

References:

https://www.suse.com/security/cve/CVE-2019-18802.html
https://bugzilla.suse.com/1159003
https://bugzilla.suse.com/1166481


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke glibc

Otkriven je sigurnosni nedostatak programske biblioteke glibc za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje...

Close