Описание
Security update for nghttp2
This update for nghttp2 fixes the following vulnerabilities:
- CVE-2016-1544: A malicious remote attacker could have caused an Out of memory condition due to unlimited incoming HTTP header fields (boo#966514)
Список пакетов
openSUSE Leap 42.1
libnghttp2-14-1.3.4-3.1
libnghttp2-devel-1.3.4-3.1
libnghttp2_asio-devel-1.3.4-3.1
libnghttp2_asio1-1.3.4-3.1
nghttp2-1.3.4-3.1
nghttp2-doc-1.3.4-3.1
python-nghttp2-1.3.4-3.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0675-1
- SUSE Security Ratings
Описание
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
Затронутые продукты
openSUSE Leap 42.1:libnghttp2-14-1.3.4-3.1
openSUSE Leap 42.1:libnghttp2-devel-1.3.4-3.1
openSUSE Leap 42.1:libnghttp2_asio-devel-1.3.4-3.1
openSUSE Leap 42.1:libnghttp2_asio1-1.3.4-3.1
Ссылки
- CVE-2016-1544
- SUSE Bug 966514