Vulmon
<!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="15"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#16">By Date</a>
<a href="12"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="15"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#16">By Thread</a>
<a href="12"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>
</div>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<em>From</em>: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
<em>Date</em>: Tue, 13 Aug 2019 14:12:40 -0700
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0
SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:
SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size
management.
CVE-2019-9512: Jonathan Looney of Netflix
CVE-2019-9514: Jonathan Looney of Netflix
CVE-2019-9515: Jonathan Looney of Netflix
CVE-2019-9516: Jonathan Looney of Netflix
SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume excessive CPU resources when
receiving certain traffic patterns
Description: This issue was addressed with improved input validation.
CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team
Installation note:
SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager.
Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a> and
<a rel="nofollow" href="https://github.com/apple/swift-nio-http2/releases/tag/1.5.0">https://github.com/apple/swift-nio-http2/releases/tag/1.5.0</a>.
This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S69ApHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Elqw//
TAkt1t7YKV8hvLOUd/60+kTutSQMapp6y6+UxaHmCXVp8ftwDz92Z0YD1RdBETjc
NrsUHWgfoHpKQgZSzfCQLqmSvxwzVw2JD1OjUCdwLLf7B7nO6sBIkmJzQ62HHuse
Ixy0fm06HXt1buDAhpG/cmOHtJYS0kNYfTONkv9WGuvkqr7/neaiMcsIRLdwUsim
AJZYt0vzKvyG8hnKH0NRp1EygGf9OBoJMdp6e21xeQxj1xqFKV9jnn43/1yhdqvY
201dzY2zJ3UycM5ao4vQndFQkysATRojjHEY7U+RMu3WJsqA5hKjQH6vvZDaVjsq
8Bx1otGPUHhl7YusdYD2LI927+tNH1SZDStdCutuho4rs2PvVeHW5SBug4decYOw
0VEl/UaIitHoDuzFGMyu9ZYdutsHdLgsFC1FtK62l8/CMASJJsRL+MsBj9WZmtMk
KzqQYYbkD0f3MVzesxTjM9tAqrItGglevkzSGL7jXN9oVz/Qr/I3A9u9BcQbgYbS
nwem75bWYkTDiXznxDST+iafKFWZurt66J/Akd0KadioEq5cxP/fL65DBQjrpuWr
1CQPErEfJyO8ngyhYTul3mqNHUyPIyEymihYg8+StN2PZDhOvHurrpP3GiWV1y9H
lsOyDbNanEeqFlQMzG/94j8dexBtKLQTcWJn1nf/Q/4=
=FBOZ
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives & RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="15"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#16">By Date</a>
<a href="12"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="15"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#16">By Thread</a>
<a href="12"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0</strong> <em>Apple Product Security via Fulldisclosure (Aug 16)</em>
</li></ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>