SUSE-SU-2023:4200-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2023:4200-1

UNKNOWN

Security update for nghttp2

Published Oct 25, 2023

Modified 2 years ago

Fix available

Details

This update for nghttp2 fixes the following issues:

CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

Affected Packages

libnghttp2-14

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.1

Fixed in:

1.40.0-150200.12.1

libnghttp2-14-32bit

Fixed in:

1.40.0-150200.12.1

libnghttp2-devel

Fixed in:

1.40.0-150200.12.1

libnghttp2_asio-devel

Fixed in:

1.40.0-150200.12.1

libnghttp2_asio1

Fixed in:

1.40.0-150200.12.1

nghttp2

Fixed in:

1.40.0-150200.12.1

libnghttp2_asio1-32bit

openSUSE Leap 15.4openSUSE Leap 15.5

Fixed in:

1.40.0-150200.12.1

nghttp2-python

openSUSE Leap 15.4openSUSE Leap 15.5

Fixed in:

1.40.0-150200.12.1

python3-nghttp2

openSUSE Leap 15.4openSUSE Leap 15.5

Fixed in:

1.40.0-150200.12.1

References

REPORT

https://bugzilla.suse.com/1216123

REPORT

https://bugzilla.suse.com/1216174

WEB

https://www.suse.com/security/cve/CVE-2023-44487

ADVISORY

https://www.suse.com/support/update/announcement/2023/suse-su-20234200-1/

Upstream

CVE-2023-44487

Ecosystems(21)

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.1

Timeline

PublishedOct 25, 2023

ModifiedOct 25, 2023