ELA-490-1 nghttp2 security update

Debian 9911 Published 2021-10-02 06:29 by Philipp Esselbach

News

A nghttp2 security update has been released for Debian GNU/Linux 8 Extended LTS to address a denial of service issue.

ELA-490-1 nghttp2 security update

Package nghttp2
Version 0.6.4-2+deb8u1
Related CVEs CVE-2020-11080

An overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%.

For Debian 8 jessie, these problems have been fixed in version 0.6.4-2+deb8u1.

We recommend that you upgrade your nghttp2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
ELA-490-1 nghttp2 security update

RLBA-2021:3540 .NET 5.0 bugfix update

How to Install Nginx on Debian 11

Windows

Software 42314
WSL2 Distro Manager 1.8.13 released
2024-04-29 05:43 by Philipp Esselbach
Software 42314
Simplewall 3.8.1 released
2024-04-28 07:24 by Philipp Esselbach
Software 42314
Winpilot 2024.5.3 released
2024-04-27 14:26 by Philipp Esselbach

Linux

Linux 2770
Linux Kernel 6.9-rc6 released
2024-04-29 07:51 by Philipp Esselbach
Debian 9911
Liquorix Linux Kernel 6.8-9 released
2024-04-29 07:45 by Philipp Esselbach
Software 42314
AM 6.6.4 released
2024-04-29 07:37 by Philipp Esselbach

macOS

Apple 10159
watchOS 10.5 Beta 3 released
2024-04-24 06:52 by Philipp Esselbach
Apple 10159
tvOS 17.5 Beta 3 released
2024-04-24 06:52 by Philipp Esselbach
Apple 10159
visionOS 1.2 Beta 3 released
2024-04-24 06:52 by Philipp Esselbach

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...