Univention Bugzilla – Bug 50095
nghttp2: Multiple issues (4.3)
Last modified: 2019-09-04 16:59:04 CEST
New Debian nghttp2 1.18.1-1+deb9u1 fixes: This update addresses the following issues: * large amount of data request leads to denial of service (CVE-2019-9511) * flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/nghttp2_1.18.1-1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/nghttp2_1.18.1-1+deb9u1.dsc @@ -1,3 +1,7 @@ +1.18.1-1+deb9u1 [Fri, 23 Aug 2019 19:05:18 +0200] Tomasz Buchert <tomasz@debian.org>: + + * Fix CVE-2019-9511 and CVE-2019-9513 + 1.18.1-1 [Sun, 08 Jan 2017 12:26:25 +0100] Tomasz Buchert <tomasz@debian.org>: * Imported upstream version 1.18.1 <http://10.200.17.11/4.3-4/#636695621430915006>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] d800e9d1f7 Bug #50095: nghttp2 1.18.1-1+deb9u1 doc/errata/staging/nghttp2.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.3-4] 51a21f25df Bug #50095: nghttp2 1.18.1-1+deb9u1 doc/errata/staging/nghttp2.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.3/570.html>