1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2023:5837

[RHSA-2023:5837] nghttp2 security update

Severity Important
Affected Packages 14
CVEs 1
Info Packages References Vulnerabilities

nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package Affected Version
pkg:rpm/redhat/nghttp2?arch=x86_64&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/nghttp2?arch=s390x&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/nghttp2?arch=ppc64le&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/nghttp2?arch=aarch64&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2?arch=x86_64&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2?arch=s390x&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2?arch=ppc64le&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2?arch=i686&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2?arch=aarch64&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2-devel?arch=x86_64&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2-devel?arch=s390x&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2-devel?arch=ppc64le&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2-devel?arch=i686&distro=redhat-8.8 < 1.33.0-5.el8_8
pkg:rpm/redhat/libnghttp2-devel?arch=aarch64&distro=redhat-8.8 < 1.33.0-5.el8_8
ID
RHSA-2023:5837
Severity
important
URL
https://access.redhat.com/errata/RHSA-2023:5837
Published
2023-10-18T00:00:00
(11 months ago)
Modified
2023-10-18T00:00:00
(11 months ago)
Rights
Copyright 2023 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/nghttp2?arch=x86_64&distro=redhat-8.8 redhat nghttp2 < 1.33.0-5.el8_8 redhat-8.8 x86_64
Affected pkg:rpm/redhat/nghttp2?arch=s390x&distro=redhat-8.8 redhat nghttp2 < 1.33.0-5.el8_8 redhat-8.8 s390x
Affected pkg:rpm/redhat/nghttp2?arch=ppc64le&distro=redhat-8.8 redhat nghttp2 < 1.33.0-5.el8_8 redhat-8.8 ppc64le
Affected pkg:rpm/redhat/nghttp2?arch=aarch64&distro=redhat-8.8 redhat nghttp2 < 1.33.0-5.el8_8 redhat-8.8 aarch64
Affected pkg:rpm/redhat/libnghttp2?arch=x86_64&distro=redhat-8.8 redhat libnghttp2 < 1.33.0-5.el8_8 redhat-8.8 x86_64
Affected pkg:rpm/redhat/libnghttp2?arch=s390x&distro=redhat-8.8 redhat libnghttp2 < 1.33.0-5.el8_8 redhat-8.8 s390x
Affected pkg:rpm/redhat/libnghttp2?arch=ppc64le&distro=redhat-8.8 redhat libnghttp2 < 1.33.0-5.el8_8 redhat-8.8 ppc64le
Affected pkg:rpm/redhat/libnghttp2?arch=i686&distro=redhat-8.8 redhat libnghttp2 < 1.33.0-5.el8_8 redhat-8.8 i686
Affected pkg:rpm/redhat/libnghttp2?arch=aarch64&distro=redhat-8.8 redhat libnghttp2 < 1.33.0-5.el8_8 redhat-8.8 aarch64
Affected pkg:rpm/redhat/libnghttp2-devel?arch=x86_64&distro=redhat-8.8 redhat libnghttp2-devel < 1.33.0-5.el8_8 redhat-8.8 x86_64
Affected pkg:rpm/redhat/libnghttp2-devel?arch=s390x&distro=redhat-8.8 redhat libnghttp2-devel < 1.33.0-5.el8_8 redhat-8.8 s390x
Affected pkg:rpm/redhat/libnghttp2-devel?arch=ppc64le&distro=redhat-8.8 redhat libnghttp2-devel < 1.33.0-5.el8_8 redhat-8.8 ppc64le
Affected pkg:rpm/redhat/libnghttp2-devel?arch=i686&distro=redhat-8.8 redhat libnghttp2-devel < 1.33.0-5.el8_8 redhat-8.8 i686
Affected pkg:rpm/redhat/libnghttp2-devel?arch=aarch64&distro=redhat-8.8 redhat libnghttp2-devel < 1.33.0-5.el8_8 redhat-8.8 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date