Debian Bug report logs - #935037
nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
Package: src:nginx;
Maintainer for src:nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-listsdebiannet>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 18 Aug 2019 12:33:01 UTC
Severity: grave
Tags: se ...
nginx could be made to crash if it received specially crafted network
traffic ...
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunk ...
Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2
HTTP server, which could result in denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 1181-1+deb9u1.
For the stable distribution (buster), these problems have been fixed in
version 1360-2+deb10u1.
We recommend that you upgra ...
Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a
high-performance web and reverse proxy server, which could result in
denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 1103-1+deb9u3.
For the stable distribution (buster), these problems have been fixed in
version 1142-2+deb ...
Multiple vulnerabilities were discovered in Node.js, which could result in
denial of service or HTTP request smuggling.
For the stable distribution (buster), these problems have been fixed in
version 10190~dfsg1-1.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to
its security tracker p ...
Impact: Important
Public Date: 2019-08-13
CWE: CWE-400
Bugzilla: 1735741: CVE-2019-9513 istio/envoy: HT ...
Synopsis
Important: Red Hat Fuse 760 security update
Type/Severity
Security Advisory: Important
Topic
A minor version update (from 75 to 76) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security h ...
Synopsis
Important: rh-nginx112-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 6
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for R ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis
Important: rh-nodejs10-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: rh-nodejs8-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: nodejs:10 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis
Important: rh-nginx110-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: httpd24-httpd and httpd24-nghttp2 security update
Type/Severity
Security Advisory: Important
Topic
An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis
Important: Red Hat Quay v311 security update
Type/Severity
Security Advisory: Important
Topic
Updated Quay packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: Red Hat OpenShift Service Mesh 101 RPMs
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Service Mesh 101. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis
Important: nginx:114 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nginx:114 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ( ...
Synopsis
Important: nghttp2 security update
Type/Severity
Security Advisory: Important
Topic
An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: rh-nginx114-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx114-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2437 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as ...
An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service ...