ELA-984-1 nghttp2 security update

Debian 9921 Published by

A nghttp2 security update has been released for Debian GNU/Linux 9 Extended LTS to address a flaw in the HTTP2 protocol.



ELA-984-1 nghttp2 security update

Package : nghttp2
Version : 1.18.1-1+deb9u3 (stretch)

Related CVEs :
CVE-2023-44487

CVE-2023-44487 describes flaw in the HTTP2 protocol allows an attacker to rapidly creating and cancelling streams by sending a HEADERS frame
immediately followed by a RST_STREAM. This can cause a denial of service due to resource exhaustion.
The applied patches mitigates this flaw by rate limiting the cancellation of streams and disconnect the client when this limits are exceeded.

ELA-984-1 nghttp2 security update


Linux Kernel 6.1.58 released

ELA-983-1 python-reportlab security update

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...