Debian Bug report logs - #935037
nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
Package: src:nginx;
Maintainer for src:nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 18 Aug 2019 12:33:01 UTC
Severity: grave
Tags: se ...
nginx could be made to crash if it received specially crafted network
traffic ...
Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a
high-performance web and reverse proxy server, which could result in
denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 1.10.3-1+deb9u3.
For the stable distribution (buster), these problems have been fixed in
version 1.14.2-2+deb ...
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunk ...
Impact: Important
Public Date: 2019-08-13
CWE: CWE-400
Bugzilla: 1741864: CVE-2019-9516 HTTP/2: 0-lengt ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 3 packages for RHEL 6, RHEL 7, Microsoft Windows and Oracle Solaris are now available. Red Hat Prod ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Co ...
Synopsis
Important: Red Hat Fuse 7.6.0 security update
Type/Severity
Security Advisory: Important
Topic
A minor version update (from 7.5 to 7.6) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security h ...
Synopsis
Important: rh-nginx112-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6
Type/Severity
Security Advisory: Important
Topic
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for R ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis
Important: rh-nodejs10-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: rh-nodejs8-nodejs security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: nodejs:10 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis
Important: Red Hat AMQ Broker 7.4.3 release and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: rh-nginx110-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat Quay v3.1.1 security update
Type/Severity
Security Advisory: Important
Topic
Updated Quay packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: nginx:1.14 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nginx:1.14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ( ...
Synopsis
Important: Red Hat AMQ Broker 7.6 release and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat AMQ Broker 7.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis
Important: rh-nginx114-nginx security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-nginx114-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as ...
An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess ...