Issued:: 2023-10-17
Updated:: 2023-10-17

RHSA-2023:5770 - Security Advisory

Overview
Updated Packages

Synopsis

Important: nghttp2 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

Security Fix(es):

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

CVEs

CVE-2023-44487

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
x86_64
libnghttp2-1.43.0-5.el9_0.2.i686.rpm	SHA-256: c7b1b7fc6191aa7f43fdcca30f3771639b387d274d3b54db58d56da9b513d8b7
libnghttp2-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: 648d1ba75d5dafb3964780dec6e7c330c72ba70a62c30b24cea3098cd89db78d
libnghttp2-debuginfo-1.43.0-5.el9_0.2.i686.rpm	SHA-256: ba824361de150f3f366f0fdb3e0fd5d96fca37e8cd430ad105f106229cf42fb4
libnghttp2-debuginfo-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: 007d544ba8e929e50c24abb280d110930f7edc513b22fd06856deddfe49a2c71
nghttp2-debuginfo-1.43.0-5.el9_0.2.i686.rpm	SHA-256: 0c2752af34a99e1b555b6f5909e369fb95da620c2529f0c653f6b2fc2bc67853
nghttp2-debuginfo-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: bf5af45f21e5f312d50b8995ca42eba43411d3d56ee7a3a2aa60a2b25fe145ba
nghttp2-debugsource-1.43.0-5.el9_0.2.i686.rpm	SHA-256: 3fff1d118851c34eeb9cc2e5c76d196cde5d09fd51899a16fba733bc8537201b
nghttp2-debugsource-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: c70b28ec4cb42dd2863d062f7484ddafaed1492edeb99c45092b17f009259a8b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
s390x
libnghttp2-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 03dc268e1f5fd29ff97f6725fb92dbf8f936aeee981f47ed3d5d2cd99d6b0a77
libnghttp2-debuginfo-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 976dab3c3b8fc40aa67c23257ab2f3f79d70d46a03c7d78cb22f027c088a48e4
nghttp2-debuginfo-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 579b1b7f07c959dc5288f59412522b9074c07a89224312cd08821731df8e47d2
nghttp2-debugsource-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 49d93305db926e17069cbb96358c0f1d0fb6e0bd0b645907b04d2e387885db1d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
ppc64le
libnghttp2-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 3bddea3eb0fb6a501b79b5857cb46bc506681b3ebbd78938064eddb652ce8b21
libnghttp2-debuginfo-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: b0c6171471f1053ece94cac2c1cf1de8c787b580035d66b601fcb88fa0cda5fc
nghttp2-debuginfo-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 2c7dc383eaadb445b109532eb60265a2c864401a26f513dab5bba93e9b3979b1
nghttp2-debugsource-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 6ccfa5d6f16275e4591d840148a30c7bcddc0853f6ac63e999e26e2b7f1d56fa

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
aarch64
libnghttp2-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 93fb62a53793ff75b8409586e130d6734892f3d6e6744fb78f2ff71be487e816
libnghttp2-debuginfo-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 7d205863359d7541635024c29a04be43c94c5fd539b9ca4419be026c321bec76
nghttp2-debuginfo-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: dfd3de4b895d059efead11fb16b0f84ae651c137d4e7d833c8a2e36fded40ca7
nghttp2-debugsource-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 3ee073d102f1e64d3c6dfab8eae82f227d38ba7dd88ffe38d2f08becf9c91d60

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
ppc64le
libnghttp2-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 3bddea3eb0fb6a501b79b5857cb46bc506681b3ebbd78938064eddb652ce8b21
libnghttp2-debuginfo-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: b0c6171471f1053ece94cac2c1cf1de8c787b580035d66b601fcb88fa0cda5fc
nghttp2-debuginfo-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 2c7dc383eaadb445b109532eb60265a2c864401a26f513dab5bba93e9b3979b1
nghttp2-debugsource-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 6ccfa5d6f16275e4591d840148a30c7bcddc0853f6ac63e999e26e2b7f1d56fa

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
x86_64
libnghttp2-1.43.0-5.el9_0.2.i686.rpm	SHA-256: c7b1b7fc6191aa7f43fdcca30f3771639b387d274d3b54db58d56da9b513d8b7
libnghttp2-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: 648d1ba75d5dafb3964780dec6e7c330c72ba70a62c30b24cea3098cd89db78d
libnghttp2-debuginfo-1.43.0-5.el9_0.2.i686.rpm	SHA-256: ba824361de150f3f366f0fdb3e0fd5d96fca37e8cd430ad105f106229cf42fb4
libnghttp2-debuginfo-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: 007d544ba8e929e50c24abb280d110930f7edc513b22fd06856deddfe49a2c71
nghttp2-debuginfo-1.43.0-5.el9_0.2.i686.rpm	SHA-256: 0c2752af34a99e1b555b6f5909e369fb95da620c2529f0c653f6b2fc2bc67853
nghttp2-debuginfo-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: bf5af45f21e5f312d50b8995ca42eba43411d3d56ee7a3a2aa60a2b25fe145ba
nghttp2-debugsource-1.43.0-5.el9_0.2.i686.rpm	SHA-256: 3fff1d118851c34eeb9cc2e5c76d196cde5d09fd51899a16fba733bc8537201b
nghttp2-debugsource-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: c70b28ec4cb42dd2863d062f7484ddafaed1492edeb99c45092b17f009259a8b

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM
x86_64
libnghttp2-debuginfo-1.43.0-5.el9_0.2.i686.rpm	SHA-256: ba824361de150f3f366f0fdb3e0fd5d96fca37e8cd430ad105f106229cf42fb4
libnghttp2-debuginfo-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: 007d544ba8e929e50c24abb280d110930f7edc513b22fd06856deddfe49a2c71
libnghttp2-devel-1.43.0-5.el9_0.2.i686.rpm	SHA-256: 6d8b980a5aa4409e2b496ed1355597534a2fcec5ef9043b5f40a8adaaa77952c
libnghttp2-devel-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: cb2def5133a15006fcb4c5a7c50c54eb16004691242b4cd100a7ad4cdc1317fb
nghttp2-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: d4f2227d6632c4189f83c04590c3488929c8123ef2b2642568a0a36240851c9e
nghttp2-debuginfo-1.43.0-5.el9_0.2.i686.rpm	SHA-256: 0c2752af34a99e1b555b6f5909e369fb95da620c2529f0c653f6b2fc2bc67853
nghttp2-debuginfo-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: bf5af45f21e5f312d50b8995ca42eba43411d3d56ee7a3a2aa60a2b25fe145ba
nghttp2-debugsource-1.43.0-5.el9_0.2.i686.rpm	SHA-256: 3fff1d118851c34eeb9cc2e5c76d196cde5d09fd51899a16fba733bc8537201b
nghttp2-debugsource-1.43.0-5.el9_0.2.x86_64.rpm	SHA-256: c70b28ec4cb42dd2863d062f7484ddafaed1492edeb99c45092b17f009259a8b

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0

SRPM
ppc64le
libnghttp2-debuginfo-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: b0c6171471f1053ece94cac2c1cf1de8c787b580035d66b601fcb88fa0cda5fc
libnghttp2-devel-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 1e0699cd013d4c8a4fe548624ce00b2d50d9078d7aeeb9f7d693231a8270a2c0
nghttp2-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 93611a68b7a8107f6350f79f9958e679dac84c1a9e5496e202777365d8afe0b4
nghttp2-debuginfo-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 2c7dc383eaadb445b109532eb60265a2c864401a26f513dab5bba93e9b3979b1
nghttp2-debugsource-1.43.0-5.el9_0.2.ppc64le.rpm	SHA-256: 6ccfa5d6f16275e4591d840148a30c7bcddc0853f6ac63e999e26e2b7f1d56fa

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM
s390x
libnghttp2-debuginfo-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 976dab3c3b8fc40aa67c23257ab2f3f79d70d46a03c7d78cb22f027c088a48e4
libnghttp2-devel-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 00ec0166afb26a02154a8ec5b3ea27c4eaa37ad97a565a76ddb7ab3c29dd82af
nghttp2-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 468206a0ac0491906e97ab614bf6565fdec3691d7de350c1593e4d54ea01a5bd
nghttp2-debuginfo-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 579b1b7f07c959dc5288f59412522b9074c07a89224312cd08821731df8e47d2
nghttp2-debugsource-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 49d93305db926e17069cbb96358c0f1d0fb6e0bd0b645907b04d2e387885db1d

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM
aarch64
libnghttp2-debuginfo-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 7d205863359d7541635024c29a04be43c94c5fd539b9ca4419be026c321bec76
libnghttp2-devel-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 8fc62f8b0bc54c79cdead1a77ade9c38889199615a52ced3987a58e98b182d55
nghttp2-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 1c6179018ea576fd85d57ce95576a9aff2629c731b4dd834e6ce57abd8f4514b
nghttp2-debuginfo-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: dfd3de4b895d059efead11fb16b0f84ae651c137d4e7d833c8a2e36fded40ca7
nghttp2-debugsource-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 3ee073d102f1e64d3c6dfab8eae82f227d38ba7dd88ffe38d2f08becf9c91d60

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
aarch64
libnghttp2-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 93fb62a53793ff75b8409586e130d6734892f3d6e6744fb78f2ff71be487e816
libnghttp2-debuginfo-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 7d205863359d7541635024c29a04be43c94c5fd539b9ca4419be026c321bec76
nghttp2-debuginfo-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: dfd3de4b895d059efead11fb16b0f84ae651c137d4e7d833c8a2e36fded40ca7
nghttp2-debugsource-1.43.0-5.el9_0.2.aarch64.rpm	SHA-256: 3ee073d102f1e64d3c6dfab8eae82f227d38ba7dd88ffe38d2f08becf9c91d60

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
nghttp2-1.43.0-5.el9_0.2.src.rpm	SHA-256: cf3c7e05996f03b2e0a48239401ba0302619ea3168e61e1038d0a0886b2b4284
s390x
libnghttp2-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 03dc268e1f5fd29ff97f6725fb92dbf8f936aeee981f47ed3d5d2cd99d6b0a77
libnghttp2-debuginfo-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 976dab3c3b8fc40aa67c23257ab2f3f79d70d46a03c7d78cb22f027c088a48e4
nghttp2-debuginfo-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 579b1b7f07c959dc5288f59412522b9074c07a89224312cd08821731df8e47d2
nghttp2-debugsource-1.43.0-5.el9_0.2.s390x.rpm	SHA-256: 49d93305db926e17069cbb96358c0f1d0fb6e0bd0b645907b04d2e387885db1d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation