MGASA-2024-0135

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0135.html

Import Source

https://advisories.mageia.org/MGASA-2024-0135.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0135

Related

CVE-2024-28182

Published

2024-04-17T02:13:57Z

Modified

2024-04-17T01:58:07Z

Summary

Updated nghttp2 packages fix security vulnerability

Details

nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. This update fixes the issue. This is the latest release, which will bring some more fixes and improvements.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / nghttp2

Package

Name: nghttp2
Purl: pkg:rpm/mageia/nghttp2?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.61.0-1.mga9

Ecosystem specific

{
    "section": "core"
}