Описание
ELSA-2023-5711: nginx security update (MODERATE)
[1:1.20.1-14.0.1.1]
- Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
nginx
1.20.1-14.0.1.el9_2.1
nginx-all-modules
1.20.1-14.0.1.el9_2.1
nginx-core
1.20.1-14.0.1.el9_2.1
nginx-filesystem
1.20.1-14.0.1.el9_2.1
nginx-mod-devel
1.20.1-14.0.1.el9_2.1
nginx-mod-http-image-filter
1.20.1-14.0.1.el9_2.1
nginx-mod-http-perl
1.20.1-14.0.1.el9_2.1
nginx-mod-http-xslt-filter
1.20.1-14.0.1.el9_2.1
nginx-mod-mail
1.20.1-14.0.1.el9_2.1
nginx-mod-stream
1.20.1-14.0.1.el9_2.1
Oracle Linux x86_64
nginx
1.20.1-14.0.1.el9_2.1
nginx-all-modules
1.20.1-14.0.1.el9_2.1
nginx-core
1.20.1-14.0.1.el9_2.1
nginx-filesystem
1.20.1-14.0.1.el9_2.1
nginx-mod-devel
1.20.1-14.0.1.el9_2.1
nginx-mod-http-image-filter
1.20.1-14.0.1.el9_2.1
nginx-mod-http-perl
1.20.1-14.0.1.el9_2.1
nginx-mod-http-xslt-filter
1.20.1-14.0.1.el9_2.1
nginx-mod-mail
1.20.1-14.0.1.el9_2.1
nginx-mod-stream
1.20.1-14.0.1.el9_2.1
Связанные CVE
Связанные уязвимости
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consum ...