[ALSA-2023:5837] Important: nghttp2 security update
Type:
security
Severity:
important
Release date:
2023-10-19
Description:
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 libnghttp2-devel-1.33.0-5.el8_8.aarch64.rpm 85d12228cee77c02d7a1ac3364e37805b9b7cac155b00b0c3994b75e3b858442
aarch64 nghttp2-1.33.0-5.el8_8.aarch64.rpm 971b6bf5e23497c10bb7079592a6bd808b92ea76b9eef0a154c495b27367cf5a
aarch64 libnghttp2-1.33.0-5.el8_8.aarch64.rpm fd30a3e1d20ed6fc107e460086dc9a7b03d92230df8318172d3cd58f4671d0ff
i686 libnghttp2-devel-1.33.0-5.el8_8.i686.rpm 7b77e181319fa3e0440f19fed357fec69c9fd00b036d0b195e2615ca8dac82cf
i686 libnghttp2-1.33.0-5.el8_8.i686.rpm d24b467adc0296d6ea769b2ccef545ecffebbe2b7bd0ba0e39600dc7ef6135de
ppc64le libnghttp2-1.33.0-5.el8_8.ppc64le.rpm 5e8782caf3d3a1b25b18dc5b79c87d8d415811e8b710275423c334c354baeb07
ppc64le libnghttp2-devel-1.33.0-5.el8_8.ppc64le.rpm 679099432ee4022766a296f39af8224efb3ebbcd5ec6e7173f1bac7cbfcb0e5a
ppc64le nghttp2-1.33.0-5.el8_8.ppc64le.rpm b40be6d555f5bc02acff85ab0d189dfd4be3b8ba994a7c8c7e1ec9458cae7431
s390x nghttp2-1.33.0-5.el8_8.s390x.rpm 13a7f79b8bb78c785bc0d1219bbaa48d24af0bff882ddbf164986b7aa6b77a1c
s390x libnghttp2-1.33.0-5.el8_8.s390x.rpm 154af2db5c6258f69e5f9a5ca8740fd1b59749771c3344f8120077b7f9bd0ddc
s390x libnghttp2-devel-1.33.0-5.el8_8.s390x.rpm 27a353199bc9da2f07e8c8334d30874516e008cb767e97b1de1145e2a837359a
x86_64 libnghttp2-devel-1.33.0-5.el8_8.x86_64.rpm 7e24b039c1f88f74d593234e6cdc7b9188da9148a099e0b95f473db178c93a4d
x86_64 libnghttp2-1.33.0-5.el8_8.x86_64.rpm c066808ad8b96793a3387a1a0667a6b3f8268de0c00d0ba8bb2fd082ae0e5d1d
x86_64 nghttp2-1.33.0-5.el8_8.x86_64.rpm f765ba55ab1877f366c2dc4da72bb27c7293e568cf6b181350fa2fb501284d9c
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.