UBUNTU-CVE-2019-9515

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2019-9515
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9515.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-9515
Published
2019-08-13T00:00:00Z
Modified
2019-08-13T00:00:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Affected packages

Ubuntu:Pro:16.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.0~git20150514.0.f5ebd86-1
0.0~git20150514.0.f5ebd86-2
0.0~git20151002.0.3e7b7e5-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / grpc

Package

Name
grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.10.2-1
0.11.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / trafficserver

Package

Name
trafficserver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.3.0-2ubuntu1
5.3.0-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted@17.9.0-2ubuntu0.1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
17.9.0-2ubuntu0.1

Affected versions

16.*

16.6.0-2ubuntu3

17.*

17.9.0-1
17.9.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "python-twisted-bin-dbg": "17.9.0-2ubuntu0.1",
            "python-twisted-bin": "17.9.0-2ubuntu0.1",
            "python-twisted-words": "17.9.0-2ubuntu0.1",
            "python-twisted-web": "17.9.0-2ubuntu0.1",
            "python3-twisted": "17.9.0-2ubuntu0.1",
            "python-twisted-conch": "1:17.9.0-2ubuntu0.1",
            "python-twisted": "17.9.0-2ubuntu0.1",
            "python-twisted-news": "17.9.0-2ubuntu0.1",
            "python-twisted-runner-dbg": "17.9.0-2ubuntu0.1",
            "twisted-doc": "17.9.0-2ubuntu0.1",
            "python-twisted-names": "17.9.0-2ubuntu0.1",
            "python-twisted-mail": "17.9.0-2ubuntu0.1",
            "python3-twisted-bin": "17.9.0-2ubuntu0.1",
            "python-twisted-core": "17.9.0-2ubuntu0.1",
            "python3-twisted-bin-dbg": "17.9.0-2ubuntu0.1",
            "python-twisted-runner": "17.9.0-2ubuntu0.1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.0.4-1
1.6.0-2
1.6.0-3
1.6.0-3ubuntu0.18.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / grpc

Package

Name
grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.3.2-1
1.3.2-1ubuntu1
1.3.2-1.1~build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / h2o

Package

Name
h2o

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.2.3+dfsg-2
2.2.4+dfsg-1
2.2.4+dfsg-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty@1:4.1.7-4ubuntu0.1+esm1?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:4.1.7-4ubuntu0.1+esm1

Affected versions

1:4.*

1:4.1.7-4
1:4.1.7-4ubuntu0.1~esm1
1:4.1.7-4ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libnetty-java": "1:4.1.7-4ubuntu0.1+esm1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / trafficserver

Package

Name
trafficserver

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

7.*

7.0.0-5
7.1.2+ds-2
7.1.2+ds-2build1
7.1.2+ds-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.22.1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / grpc

Package

Name
grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.16.1-1
1.16.1-1ubuntu1
1.16.1-1ubuntu3
1.16.1-1ubuntu4
1.16.1-1ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o@2.2.5+dfsg2-3?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.5+dfsg2-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libh2o-dev": "2.2.5+dfsg2-3",
            "h2o-doc": "2.2.5+dfsg2-3",
            "libh2o0.13-dbgsym": "2.2.5+dfsg2-3",
            "libh2o-evloop0.13-dbgsym": "2.2.5+dfsg2-3",
            "libh2o-dev-common": "2.2.5+dfsg2-3",
            "h2o-dbgsym": "2.2.5+dfsg2-3",
            "libh2o-evloop0.13": "2.2.5+dfsg2-3",
            "libh2o0.13": "2.2.5+dfsg2-3",
            "h2o": "2.2.5+dfsg2-3",
            "libh2o-evloop-dev": "2.2.5+dfsg2-3"
        }
    ]
}

Ubuntu:20.04:LTS / netty

Package

Name
netty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:4.*

1:4.1.33-1
1:4.1.33-2
1:4.1.33-3
1:4.1.45-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / trafficserver

Package

Name
trafficserver
Purl
pkg:deb/ubuntu/trafficserver@8.0.5+ds-1?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.5+ds-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "trafficserver": "8.0.5+ds-1",
            "trafficserver-dbgsym": "8.0.5+ds-1",
            "trafficserver-experimental-plugins": "8.0.5+ds-1",
            "trafficserver-experimental-plugins-dbgsym": "8.0.5+ds-1",
            "trafficserver-dev": "8.0.5+ds-1"
        }
    ]
}

Ubuntu:20.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted@18.9.0-6ubuntu1?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
18.9.0-6ubuntu1

Affected versions

18.*

18.9.0-3ubuntu1
18.9.0-5
18.9.0-6
18.9.0-6build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "python-twisted-bin-dbg": "18.9.0-6ubuntu1",
            "python-twisted-bin": "18.9.0-6ubuntu1",
            "python-twisted-words": "18.9.0-6ubuntu1",
            "python-twisted-web": "18.9.0-6ubuntu1",
            "python3-twisted": "18.9.0-6ubuntu1",
            "python-twisted-conch": "1:18.9.0-6ubuntu1",
            "python-twisted": "18.9.0-6ubuntu1",
            "python-twisted-news": "18.9.0-6ubuntu1",
            "python-twisted-runner-dbg": "18.9.0-6ubuntu1",
            "twisted-doc": "18.9.0-6ubuntu1",
            "python-twisted-names": "18.9.0-6ubuntu1",
            "python-twisted-mail": "18.9.0-6ubuntu1",
            "python3-twisted-bin": "18.9.0-6ubuntu1",
            "python-twisted-core": "18.9.0-6ubuntu1",
            "python3-twisted-bin-dbg": "18.9.0-6ubuntu1",
            "python-twisted-runner": "18.9.0-6ubuntu1"
        }
    ]
}

Ubuntu:22.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.29.1-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / grpc

Package

Name
grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.30.2-3
1.30.2-3build1
1.30.2-3build3
1.30.2-3build5
1.30.2-3build6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / netty

Package

Name
netty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:4.*

1:4.1.48-4
1:4.1.48-4+deb11u1build0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.38.0+really1.33.3-1build1
1.38.0+really1.33.3-1ubuntu0.24.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / grpc

Package

Name
grpc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.51.1-3build3
1.51.1-3build4
1.51.1-4
1.51.1-4build1
1.51.1-4build2
1.51.1-4.1build3
1.51.1-4.1build4
1.51.1-4.1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / netty

Package

Name
netty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:4.*

1:4.1.48-7
1:4.1.48-8
1:4.1.48-9

Ecosystem specific

{
    "ubuntu_priority": "medium"
}