Red Hat Product Errata RHSA-2023:5767 - Security Advisory
Issued:
2023-10-17
Updated:
2023-10-17

RHSA-2023:5767 - Security Advisory

Synopsis

Important: nghttp2 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
nghttp2-1.33.0-3.el8_2.2.src.rpm SHA-256: 79b971bc8e8b71a0ebfc9b61f8a0354a9cbaa543735cfe80d77cccd49aeae25a
x86_64
libnghttp2-1.33.0-3.el8_2.2.i686.rpm SHA-256: 3d11ff6b85dcd92264bc0121005963cb775b14f93c1f631e798cce7fcde11e01
libnghttp2-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: 46306f2d7d0c3825b3abe933224916b87d7e720b9e326abfb3a3929bbc565469
libnghttp2-debuginfo-1.33.0-3.el8_2.2.i686.rpm SHA-256: 8393274bca918fe1ffbd1cf00a2cf37328cae905fb271dba7897cf9d38a1a3b6
libnghttp2-debuginfo-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: c30fb9f72d46369d00c3d4750b86530ffebd4a146cc67ba50c174c522cda4ea5
nghttp2-debuginfo-1.33.0-3.el8_2.2.i686.rpm SHA-256: 1bf03f604ff4af9437d07cb3185f6b8a9307d2faaebb88424aa1785eaa76d9f9
nghttp2-debuginfo-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: b42f145b32be1bea53b901885d26af283124f5e0fca64d4dbd3d7b3eafa42ff9
nghttp2-debugsource-1.33.0-3.el8_2.2.i686.rpm SHA-256: f5b02c0fe7dfadda0264b2ff0f839181282f13923e692d9ab37193415a5de32c
nghttp2-debugsource-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: 4ef9f054689f84b4cb25153adee0df3e6d656001ee0f1f49ed47dd3aaa032751

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
nghttp2-1.33.0-3.el8_2.2.src.rpm SHA-256: 79b971bc8e8b71a0ebfc9b61f8a0354a9cbaa543735cfe80d77cccd49aeae25a
x86_64
libnghttp2-1.33.0-3.el8_2.2.i686.rpm SHA-256: 3d11ff6b85dcd92264bc0121005963cb775b14f93c1f631e798cce7fcde11e01
libnghttp2-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: 46306f2d7d0c3825b3abe933224916b87d7e720b9e326abfb3a3929bbc565469
libnghttp2-debuginfo-1.33.0-3.el8_2.2.i686.rpm SHA-256: 8393274bca918fe1ffbd1cf00a2cf37328cae905fb271dba7897cf9d38a1a3b6
libnghttp2-debuginfo-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: c30fb9f72d46369d00c3d4750b86530ffebd4a146cc67ba50c174c522cda4ea5
nghttp2-debuginfo-1.33.0-3.el8_2.2.i686.rpm SHA-256: 1bf03f604ff4af9437d07cb3185f6b8a9307d2faaebb88424aa1785eaa76d9f9
nghttp2-debuginfo-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: b42f145b32be1bea53b901885d26af283124f5e0fca64d4dbd3d7b3eafa42ff9
nghttp2-debugsource-1.33.0-3.el8_2.2.i686.rpm SHA-256: f5b02c0fe7dfadda0264b2ff0f839181282f13923e692d9ab37193415a5de32c
nghttp2-debugsource-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: 4ef9f054689f84b4cb25153adee0df3e6d656001ee0f1f49ed47dd3aaa032751

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
nghttp2-1.33.0-3.el8_2.2.src.rpm SHA-256: 79b971bc8e8b71a0ebfc9b61f8a0354a9cbaa543735cfe80d77cccd49aeae25a
ppc64le
libnghttp2-1.33.0-3.el8_2.2.ppc64le.rpm SHA-256: efbf9b0cc3b0e5999976c3e6ff47bb4700c5abfa086689e45d88a6fe2129175e
libnghttp2-debuginfo-1.33.0-3.el8_2.2.ppc64le.rpm SHA-256: c5de44ae0869650551ce00a783acdf67f50672bc754e09ac518b5a3270c224e7
nghttp2-debuginfo-1.33.0-3.el8_2.2.ppc64le.rpm SHA-256: b40f17b42e2e1a1fcc845205610b32edfd2c0c6e9442691225b2dc114348ec6a
nghttp2-debugsource-1.33.0-3.el8_2.2.ppc64le.rpm SHA-256: d876e672f8cc780b3447b526db12e1468b2ebc81609e0e04fe56ca9ee14f933c

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
nghttp2-1.33.0-3.el8_2.2.src.rpm SHA-256: 79b971bc8e8b71a0ebfc9b61f8a0354a9cbaa543735cfe80d77cccd49aeae25a
x86_64
libnghttp2-1.33.0-3.el8_2.2.i686.rpm SHA-256: 3d11ff6b85dcd92264bc0121005963cb775b14f93c1f631e798cce7fcde11e01
libnghttp2-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: 46306f2d7d0c3825b3abe933224916b87d7e720b9e326abfb3a3929bbc565469
libnghttp2-debuginfo-1.33.0-3.el8_2.2.i686.rpm SHA-256: 8393274bca918fe1ffbd1cf00a2cf37328cae905fb271dba7897cf9d38a1a3b6
libnghttp2-debuginfo-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: c30fb9f72d46369d00c3d4750b86530ffebd4a146cc67ba50c174c522cda4ea5
nghttp2-debuginfo-1.33.0-3.el8_2.2.i686.rpm SHA-256: 1bf03f604ff4af9437d07cb3185f6b8a9307d2faaebb88424aa1785eaa76d9f9
nghttp2-debuginfo-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: b42f145b32be1bea53b901885d26af283124f5e0fca64d4dbd3d7b3eafa42ff9
nghttp2-debugsource-1.33.0-3.el8_2.2.i686.rpm SHA-256: f5b02c0fe7dfadda0264b2ff0f839181282f13923e692d9ab37193415a5de32c
nghttp2-debugsource-1.33.0-3.el8_2.2.x86_64.rpm SHA-256: 4ef9f054689f84b4cb25153adee0df3e6d656001ee0f1f49ed47dd3aaa032751

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.