Issued:: 2024-06-06
Updated:: 2024-06-06

RHSA-2024:3665 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: nghttp2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

nghttp2: CONTINUATION frames DoS (CVE-2024-28182,VU#421644.5)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
Red Hat Enterprise Linux Server - AUS 9.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

BZ - 2268639 - CVE-2024-28182 nghttp2: CONTINUATION frames DoS

CVEs

CVE-2024-28182

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
x86_64
libnghttp2-1.43.0-5.el9_2.3.i686.rpm	SHA-256: a2acd3ac9c83ccfd99679548b981da2856ddb11ca2c303cb878f86f470751a46
libnghttp2-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: bafc84bd1c118d99f73ca9b4cb94e7baad3a1f856ce733f534e32ebb078e529e
libnghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 6840bdc98311c1d196199c9efe85e127730a6e7a4c0b21fc19dbb18250dae3e3
libnghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: eb98b22330e2f069e8a59e5fdf2b7bc2767fa3178cf1cba733c6e38cf5477c4e
nghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 59c91046101364f3a73464f5668a20035c653a3a7efbee06bf597b472d6905c0
nghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 17be955dd23bfb7b8f01d0615e4f42881d9d6b37365a201061e8eb3c3bb99f78
nghttp2-debugsource-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 543eb18e6cd5c25cc25424faf95ba604ac368d2086046f38fac4ea74f8f17a40
nghttp2-debugsource-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 722959b44191f0b11aaa684962ab823e77691a0344b5e7703f9e626c46ab6d52

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
x86_64
libnghttp2-1.43.0-5.el9_2.3.i686.rpm	SHA-256: a2acd3ac9c83ccfd99679548b981da2856ddb11ca2c303cb878f86f470751a46
libnghttp2-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: bafc84bd1c118d99f73ca9b4cb94e7baad3a1f856ce733f534e32ebb078e529e
libnghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 6840bdc98311c1d196199c9efe85e127730a6e7a4c0b21fc19dbb18250dae3e3
libnghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: eb98b22330e2f069e8a59e5fdf2b7bc2767fa3178cf1cba733c6e38cf5477c4e
nghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 59c91046101364f3a73464f5668a20035c653a3a7efbee06bf597b472d6905c0
nghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 17be955dd23bfb7b8f01d0615e4f42881d9d6b37365a201061e8eb3c3bb99f78
nghttp2-debugsource-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 543eb18e6cd5c25cc25424faf95ba604ac368d2086046f38fac4ea74f8f17a40
nghttp2-debugsource-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 722959b44191f0b11aaa684962ab823e77691a0344b5e7703f9e626c46ab6d52

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
s390x
libnghttp2-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: b2bc1fc63edbdeca705f6af21adeb17c510f4e17e5d363a9adfb19c597241399
libnghttp2-debuginfo-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: ab8177dd62a6b9a33112df1a19bc672c80e7aee474c476c358b0398133117c37
nghttp2-debuginfo-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: 2caf32b3c0dd7b6642ae4a9b7ba9663e4f825d69673a0da7442ad003d2fc774c
nghttp2-debugsource-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: 014f73d7d14033009b60c83b0f449095908b0595848c32767e91e9b0f89c5f8a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
ppc64le
libnghttp2-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: 9f241cd0be32926001d4f87435439ceacb012937a719dffecac8345162f0d660
libnghttp2-debuginfo-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: b6493e80cf24f6e508933b8d3814dba839794cbaf8ffc9589b255a5424cd568d
nghttp2-debuginfo-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: 9c056edd9a65216b730ab0cc57e4fc57eabe891b7211fb6ee053377f145fa53f
nghttp2-debugsource-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: af29d0a80624515f863b978fcb6f1ee477edf92ce86d44b54320440d44d17d64

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
aarch64
libnghttp2-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 500898693cc5b9ed97a73529b2c3986e4abb814319849ca72e891ee4c1c84965
libnghttp2-debuginfo-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 50513469a1a09816a9370c7306f55473a1c93b63bd88a5cf65c90c287b5ae143
nghttp2-debuginfo-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: c728aa793b3e27e0856337fbe9b4b238f96ec1f7e3dd8fac31873ca3c1e0c6cf
nghttp2-debugsource-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 5631ac66d0efb34f86edba8d038424c39c01c87e2a3487bdf70ec6a6ab1937c7

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
ppc64le
libnghttp2-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: 9f241cd0be32926001d4f87435439ceacb012937a719dffecac8345162f0d660
libnghttp2-debuginfo-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: b6493e80cf24f6e508933b8d3814dba839794cbaf8ffc9589b255a5424cd568d
nghttp2-debuginfo-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: 9c056edd9a65216b730ab0cc57e4fc57eabe891b7211fb6ee053377f145fa53f
nghttp2-debugsource-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: af29d0a80624515f863b978fcb6f1ee477edf92ce86d44b54320440d44d17d64

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
x86_64
libnghttp2-1.43.0-5.el9_2.3.i686.rpm	SHA-256: a2acd3ac9c83ccfd99679548b981da2856ddb11ca2c303cb878f86f470751a46
libnghttp2-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: bafc84bd1c118d99f73ca9b4cb94e7baad3a1f856ce733f534e32ebb078e529e
libnghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 6840bdc98311c1d196199c9efe85e127730a6e7a4c0b21fc19dbb18250dae3e3
libnghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: eb98b22330e2f069e8a59e5fdf2b7bc2767fa3178cf1cba733c6e38cf5477c4e
nghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 59c91046101364f3a73464f5668a20035c653a3a7efbee06bf597b472d6905c0
nghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 17be955dd23bfb7b8f01d0615e4f42881d9d6b37365a201061e8eb3c3bb99f78
nghttp2-debugsource-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 543eb18e6cd5c25cc25424faf95ba604ac368d2086046f38fac4ea74f8f17a40
nghttp2-debugsource-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 722959b44191f0b11aaa684962ab823e77691a0344b5e7703f9e626c46ab6d52

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2

SRPM
x86_64
libnghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 6840bdc98311c1d196199c9efe85e127730a6e7a4c0b21fc19dbb18250dae3e3
libnghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: eb98b22330e2f069e8a59e5fdf2b7bc2767fa3178cf1cba733c6e38cf5477c4e
libnghttp2-devel-1.43.0-5.el9_2.3.i686.rpm	SHA-256: cc8e1156b0ef7c07c490237575d4da8fb172e2d97599ca00eb78e00f6e52bf47
libnghttp2-devel-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: b5faf3085fdf199b8e895ec554c2f96423207ed30f7f4c1cafa241bc6b3a6c8a
nghttp2-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 9cb6cebbcd575bef769936e9fcfc8d76c34cb86a2a8be4f80fad303b02a707c1
nghttp2-debuginfo-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 59c91046101364f3a73464f5668a20035c653a3a7efbee06bf597b472d6905c0
nghttp2-debuginfo-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 17be955dd23bfb7b8f01d0615e4f42881d9d6b37365a201061e8eb3c3bb99f78
nghttp2-debugsource-1.43.0-5.el9_2.3.i686.rpm	SHA-256: 543eb18e6cd5c25cc25424faf95ba604ac368d2086046f38fac4ea74f8f17a40
nghttp2-debugsource-1.43.0-5.el9_2.3.x86_64.rpm	SHA-256: 722959b44191f0b11aaa684962ab823e77691a0344b5e7703f9e626c46ab6d52

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2

SRPM
ppc64le
libnghttp2-debuginfo-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: b6493e80cf24f6e508933b8d3814dba839794cbaf8ffc9589b255a5424cd568d
libnghttp2-devel-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: c2eadf0d5625fbcf0b515ae58bac98de3e2f6c7c5ca88ae7df4f569350c7d4a5
nghttp2-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: 1724fca4aa26bc66805ef0ce65993d9848e7f938beb58745dda477f3607478f6
nghttp2-debuginfo-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: 9c056edd9a65216b730ab0cc57e4fc57eabe891b7211fb6ee053377f145fa53f
nghttp2-debugsource-1.43.0-5.el9_2.3.ppc64le.rpm	SHA-256: af29d0a80624515f863b978fcb6f1ee477edf92ce86d44b54320440d44d17d64

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2

SRPM
s390x
libnghttp2-debuginfo-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: ab8177dd62a6b9a33112df1a19bc672c80e7aee474c476c358b0398133117c37
libnghttp2-devel-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: 0ef4fa7f2152049bb0d28f5fa70919bf5a4feeb7963c5865657da0e36951c971
nghttp2-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: ced833a47404b0fb03344d327b3ee6da66c3084bcd0d03c696641a2eb89189c0
nghttp2-debuginfo-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: 2caf32b3c0dd7b6642ae4a9b7ba9663e4f825d69673a0da7442ad003d2fc774c
nghttp2-debugsource-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: 014f73d7d14033009b60c83b0f449095908b0595848c32767e91e9b0f89c5f8a

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2

SRPM
aarch64
libnghttp2-debuginfo-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 50513469a1a09816a9370c7306f55473a1c93b63bd88a5cf65c90c287b5ae143
libnghttp2-devel-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 76258b50b2a13db97d35608e054fdb6dd4cab180641ef8e1f144f5cb1484e596
nghttp2-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 468d24b6cbfb344e7c1b0e39f8c335214c428200fc2ac78bf4ab6289a19b1eac
nghttp2-debuginfo-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: c728aa793b3e27e0856337fbe9b4b238f96ec1f7e3dd8fac31873ca3c1e0c6cf
nghttp2-debugsource-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 5631ac66d0efb34f86edba8d038424c39c01c87e2a3487bdf70ec6a6ab1937c7

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
aarch64
libnghttp2-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 500898693cc5b9ed97a73529b2c3986e4abb814319849ca72e891ee4c1c84965
libnghttp2-debuginfo-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 50513469a1a09816a9370c7306f55473a1c93b63bd88a5cf65c90c287b5ae143
nghttp2-debuginfo-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: c728aa793b3e27e0856337fbe9b4b238f96ec1f7e3dd8fac31873ca3c1e0c6cf
nghttp2-debugsource-1.43.0-5.el9_2.3.aarch64.rpm	SHA-256: 5631ac66d0efb34f86edba8d038424c39c01c87e2a3487bdf70ec6a6ab1937c7

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
nghttp2-1.43.0-5.el9_2.3.src.rpm	SHA-256: deea12244d581c54dd765b4e54d5e4a9e6cdfd487c206f82441c97288ddeb0c6
s390x
libnghttp2-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: b2bc1fc63edbdeca705f6af21adeb17c510f4e17e5d363a9adfb19c597241399
libnghttp2-debuginfo-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: ab8177dd62a6b9a33112df1a19bc672c80e7aee474c476c358b0398133117c37
nghttp2-debuginfo-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: 2caf32b3c0dd7b6642ae4a9b7ba9663e4f825d69673a0da7442ad003d2fc774c
nghttp2-debugsource-1.43.0-5.el9_2.3.s390x.rpm	SHA-256: 014f73d7d14033009b60c83b0f449095908b0595848c32767e91e9b0f89c5f8a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation