Debian Bug report logs -
#935037
nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
Package:
src:nginx;
Maintainer for src:nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 18 Aug 2019 12:33:01 UTC
Severity: grave
Tags: se ...
nginx could be made to crash if it received specially crafted network
traffic ...
Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a
high-performance web and reverse proxy server, which could result in
denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 1103-1+deb9u3.
For the stable distribution (buster), these problems have been fixed in
version 1142-2+deb ...
Multiple vulnerabilities were discovered in Node.js, which could result in
denial of service or HTTP request smuggling.
For the stable distribution (buster), these problems have been fixed in
version 10190~dfsg1-1.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to
its security tracker p ...
Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2
HTTP server, which could result in denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 1181-1+deb9u1.
For the stable distribution (buster), these problems have been fixed in
version 1360-2+deb10u1.
We recommend that you upgra ...
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunk ...
Impact:
Important
Public Date:
2019-08-13
CWE:
CWE-400
Bugzilla:
1741860:
CVE-2019-9511 HTTP/2: large a ...
Synopsis
Important: rh-nginx112-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: nghttp2 security update
Type/Severity
Security Advisory: Important
Topic
An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: rh-nginx110-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: nginx:114 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nginx:114 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ( ...
Synopsis
Important: httpd24-httpd and httpd24-nghttp2 security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis
Important: rh-nginx114-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx114-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat OpenShift Service Mesh 101 RPMs
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Service Mesh 101. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 725 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 72. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis
Important: rh-nodejs10-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: rh-nodejs8-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat Quay v311 security update
Type/Severity
Security Advisory: Important
Topic
Updated Quay packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 725 on RHEL 7 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2437 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 6
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for R ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 725 on RHEL 8 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 725 on RHEL 6 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as ...
Synopsis
Important: EAP Continuous Delivery Technical Preview Release 18 security update
Type/Severity
Security Advisory: Important
Topic
This is a security update for JBoss EAP Continuous Delivery 180. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
Synopsis
Important: Red Hat AMQ Broker 76 release and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat AMQ Broker 76 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis
Important: nodejs:10 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis
Important: Red Hat AMQ Broker 743 release and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat AMQ Broker 743 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: Red Hat build of Thorntail 251 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: Red Hat Fuse 770 release and security update
Type/Severity
Security Advisory: Important
Topic
A minor version update (from 76 to 77) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Produc ...
An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, ...