nghttp2

rpm/nghttp2

SHA256

Fork 0

forked from pool/nghttp2

Commit Graph

Author	SHA256	Message	Date
Martin Pluskal	dc40b8ad08	Accepting request 724578 from home:adamm:branches:devel:libraries:c_c++ - Update to version 1.39.2 (bsc#1146184, bsc#1146182): * This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513 “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack. * Add nghttp2_option_set_max_outbound_ack API function * nghttpx: Fix request stall OBS-URL: https://build.opensuse.org/request/show/724578 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=96	2019-08-19 13:20:08 +00:00

Author

SHA256

Message

Date

Martin Pluskal

dc40b8ad08

Accepting request 724578 from home:adamm:branches:devel:libraries:c_c++

- Update to version 1.39.2 (bsc#1146184, bsc#1146182):
  * This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
  “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
  frames cause Denial of Service by consuming CPU time. Check out
  https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
  for details. For nghttpx, additionally limiting inbound traffic by
  --read-rate and --read-burst options is quite effective against
  this kind of attack.
  * Add nghttp2_option_set_max_outbound_ack API function
  * nghttpx: Fix request stall

OBS-URL: https://build.opensuse.org/request/show/724578
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=96

2019-08-19 13:20:08 +00:00

1 Commits