Описание
Security update for nghttp2
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libnghttp2-14-1.39.2-3.18.1
Container suse/sles12sp5:latest
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-BYOS
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-Basic-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-HPC-BYOS
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-HPC-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-SAP-BYOS
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-SAP-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-Standard-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-EC2-BYOS
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-EC2-ECS-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-EC2-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-EC2-SAP-BYOS
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-EC2-SAP-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-GCE-BYOS
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-GCE-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-GCE-SAP-BYOS
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-GCE-SAP-On-Demand
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libnghttp2-14-1.39.2-3.18.1
SUSE Linux Enterprise Server 12 SP5
libnghttp2-14-1.39.2-3.18.1
libnghttp2-14-32bit-1.39.2-3.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libnghttp2-14-1.39.2-3.18.1
libnghttp2-14-32bit-1.39.2-3.18.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libnghttp2-devel-1.39.2-3.18.1
Ссылки
- Link for SUSE-SU-2024:1156-1
- E-Mail link for SUSE-SU-2024:1156-1
- SUSE Security Ratings
- SUSE Bug 1221399
- SUSE CVE CVE-2024-28182 page
Описание
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libnghttp2-14-1.39.2-3.18.1
Container suse/sles12sp5:latest:libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-BYOS:libnghttp2-14-1.39.2-3.18.1
Image SLES12-SP5-Azure-Basic-On-Demand:libnghttp2-14-1.39.2-3.18.1
Ссылки
- CVE-2024-28182
- SUSE Bug 1221399