Issued:: 2024-06-06
Updated:: 2024-06-06

RHSA-2024:3701 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: nghttp2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

nghttp2: CONTINUATION frames DoS (CVE-2024-28182,VU#421644.5)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64

Fixes

BZ - 2268639 - CVE-2024-28182 nghttp2: CONTINUATION frames DoS

CVEs

CVE-2024-28182

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
x86_64
libnghttp2-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 1c54ecc34366ca2a0ab44ad9385a665a3d64cd5beb1b18d1c2eeeda9deeee14a
libnghttp2-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 8eb97727830ca8d206eea4c5fd9173eeea9aa4d7d2b1830abb3f1d7190f360f7
libnghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 32af44ac8b0e876cbd2b59ab0dd3da76f42121b884144bc5bbd420f31b335cfd
libnghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: dcae678cff6ed3bf1e5c542b9a9515e56014bd0598c7d3d14efc21598a9bbe8f
nghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 2862de389952f127eb02cdf5fc18a86ec1b0f9f305cd10ed44a65c5704c1d01f
nghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 705122e59ce9395843e275ed4d82d8d481dfa6398e45c3f058e9f0776bdb094d
nghttp2-debugsource-1.33.0-5.el8_8.1.i686.rpm	SHA-256: caebe1913538cba6a638e3749c57a1ada0915a3b2c9549dbdc380778f5afaa24
nghttp2-debugsource-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 453203ad29d7fd0a0b59677ff44354d51335239dd4d77b5d2be2b5587e1c8e5b

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
x86_64
libnghttp2-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 1c54ecc34366ca2a0ab44ad9385a665a3d64cd5beb1b18d1c2eeeda9deeee14a
libnghttp2-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 8eb97727830ca8d206eea4c5fd9173eeea9aa4d7d2b1830abb3f1d7190f360f7
libnghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 32af44ac8b0e876cbd2b59ab0dd3da76f42121b884144bc5bbd420f31b335cfd
libnghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: dcae678cff6ed3bf1e5c542b9a9515e56014bd0598c7d3d14efc21598a9bbe8f
nghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 2862de389952f127eb02cdf5fc18a86ec1b0f9f305cd10ed44a65c5704c1d01f
nghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 705122e59ce9395843e275ed4d82d8d481dfa6398e45c3f058e9f0776bdb094d
nghttp2-debugsource-1.33.0-5.el8_8.1.i686.rpm	SHA-256: caebe1913538cba6a638e3749c57a1ada0915a3b2c9549dbdc380778f5afaa24
nghttp2-debugsource-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 453203ad29d7fd0a0b59677ff44354d51335239dd4d77b5d2be2b5587e1c8e5b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
s390x
libnghttp2-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: f2553299a4055134ff438acefe1e16fde5f3259befc35781321d87a3561fa2d0
libnghttp2-debuginfo-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: 83ffe5c4e9885c47688c1504549a069dc27d6396ea6d6e742c906276f106142d
nghttp2-debuginfo-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: 77d125876ad28d88dd0fb82c3eef6e7bc5572474c8315609d10d758a337dcedc
nghttp2-debugsource-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: 6065e2bc353e23d41bfa195fd256153001e3f2e11de6d65cd6bd3cd896ea509d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
ppc64le
libnghttp2-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: cb00ca2be69f456d049b852583033469eb403122d0fda09d48460b1a3cfcb42a
libnghttp2-debuginfo-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: f2b96f59e0ed88535a50a34d5534639eeb7a966d030fcd677eca490470757601
nghttp2-debuginfo-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: d10b7fc8beea502c24d3d7b82d9e4541d0d2b074cec5c238f0d2728dc7379783
nghttp2-debugsource-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: bd71be41ef12a785d39f175d21d913e7aa51ccfcc30a3297d01ec52912ebb478

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
x86_64
libnghttp2-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 1c54ecc34366ca2a0ab44ad9385a665a3d64cd5beb1b18d1c2eeeda9deeee14a
libnghttp2-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 8eb97727830ca8d206eea4c5fd9173eeea9aa4d7d2b1830abb3f1d7190f360f7
libnghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 32af44ac8b0e876cbd2b59ab0dd3da76f42121b884144bc5bbd420f31b335cfd
libnghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: dcae678cff6ed3bf1e5c542b9a9515e56014bd0598c7d3d14efc21598a9bbe8f
nghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 2862de389952f127eb02cdf5fc18a86ec1b0f9f305cd10ed44a65c5704c1d01f
nghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 705122e59ce9395843e275ed4d82d8d481dfa6398e45c3f058e9f0776bdb094d
nghttp2-debugsource-1.33.0-5.el8_8.1.i686.rpm	SHA-256: caebe1913538cba6a638e3749c57a1ada0915a3b2c9549dbdc380778f5afaa24
nghttp2-debugsource-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 453203ad29d7fd0a0b59677ff44354d51335239dd4d77b5d2be2b5587e1c8e5b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
aarch64
libnghttp2-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 1bfeed875331b85769ff769d1f1f20bb07c421efb3b072aee28355ce4e3541ee
libnghttp2-debuginfo-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 0a9508d5c91b29bd1062f4cdad930c536820cb45488e6168b8d46d426b42a3b9
nghttp2-debuginfo-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 7c685bce55cdc4fa1816f03fba303208abc15941173481714b07e5c3a128d6af
nghttp2-debugsource-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 21c3ad5be25608c79361856f0e2c41b319ddcba254f0fe2686fbdfb74b3c9637

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
ppc64le
libnghttp2-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: cb00ca2be69f456d049b852583033469eb403122d0fda09d48460b1a3cfcb42a
libnghttp2-debuginfo-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: f2b96f59e0ed88535a50a34d5534639eeb7a966d030fcd677eca490470757601
nghttp2-debuginfo-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: d10b7fc8beea502c24d3d7b82d9e4541d0d2b074cec5c238f0d2728dc7379783
nghttp2-debugsource-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: bd71be41ef12a785d39f175d21d913e7aa51ccfcc30a3297d01ec52912ebb478

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
nghttp2-1.33.0-5.el8_8.1.src.rpm	SHA-256: 9793ef69e79690a314b3b573a3c949d8ef99f8ed1effe9961239c25f30bbb7c1
x86_64
libnghttp2-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 1c54ecc34366ca2a0ab44ad9385a665a3d64cd5beb1b18d1c2eeeda9deeee14a
libnghttp2-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 8eb97727830ca8d206eea4c5fd9173eeea9aa4d7d2b1830abb3f1d7190f360f7
libnghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 32af44ac8b0e876cbd2b59ab0dd3da76f42121b884144bc5bbd420f31b335cfd
libnghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: dcae678cff6ed3bf1e5c542b9a9515e56014bd0598c7d3d14efc21598a9bbe8f
nghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 2862de389952f127eb02cdf5fc18a86ec1b0f9f305cd10ed44a65c5704c1d01f
nghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 705122e59ce9395843e275ed4d82d8d481dfa6398e45c3f058e9f0776bdb094d
nghttp2-debugsource-1.33.0-5.el8_8.1.i686.rpm	SHA-256: caebe1913538cba6a638e3749c57a1ada0915a3b2c9549dbdc380778f5afaa24
nghttp2-debugsource-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 453203ad29d7fd0a0b59677ff44354d51335239dd4d77b5d2be2b5587e1c8e5b

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8

SRPM
x86_64
libnghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 32af44ac8b0e876cbd2b59ab0dd3da76f42121b884144bc5bbd420f31b335cfd
libnghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: dcae678cff6ed3bf1e5c542b9a9515e56014bd0598c7d3d14efc21598a9bbe8f
libnghttp2-devel-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 50093086bb08f9e5f7dc7b4b8c991ef093e8f1532975b980e9ffc66c628dab70
libnghttp2-devel-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 1bafdd4ee92cd11683184e9f3bcaf0fe5443543870258b93045dfbfe2d2c0fa4
nghttp2-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: b8821a959742c0d8c8e310a8ad05c23f42ca91d86402ed0b03a8b3c7985473ff
nghttp2-debuginfo-1.33.0-5.el8_8.1.i686.rpm	SHA-256: 2862de389952f127eb02cdf5fc18a86ec1b0f9f305cd10ed44a65c5704c1d01f
nghttp2-debuginfo-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 705122e59ce9395843e275ed4d82d8d481dfa6398e45c3f058e9f0776bdb094d
nghttp2-debugsource-1.33.0-5.el8_8.1.i686.rpm	SHA-256: caebe1913538cba6a638e3749c57a1ada0915a3b2c9549dbdc380778f5afaa24
nghttp2-debugsource-1.33.0-5.el8_8.1.x86_64.rpm	SHA-256: 453203ad29d7fd0a0b59677ff44354d51335239dd4d77b5d2be2b5587e1c8e5b

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8

SRPM
ppc64le
libnghttp2-debuginfo-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: f2b96f59e0ed88535a50a34d5534639eeb7a966d030fcd677eca490470757601
libnghttp2-devel-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: 992506ce5c7eeb57b0d6c77928ebecd8dfe65678e4778fb38ec3ef36b8a21c51
nghttp2-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: 3d44c8cad23b10769997f1120d9775046df4ab1c933ca503f2a076ba39c4b316
nghttp2-debuginfo-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: d10b7fc8beea502c24d3d7b82d9e4541d0d2b074cec5c238f0d2728dc7379783
nghttp2-debugsource-1.33.0-5.el8_8.1.ppc64le.rpm	SHA-256: bd71be41ef12a785d39f175d21d913e7aa51ccfcc30a3297d01ec52912ebb478

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8

SRPM
s390x
libnghttp2-debuginfo-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: 83ffe5c4e9885c47688c1504549a069dc27d6396ea6d6e742c906276f106142d
libnghttp2-devel-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: 8aa869478e0a3a9fa4eaf33be1918d3e3d2abc2db7895c9286b4cb4961746233
nghttp2-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: cf674948dbe6c02979fb19aa7010434a5123d6fa7396677c2bb56cb36482e9ab
nghttp2-debuginfo-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: 77d125876ad28d88dd0fb82c3eef6e7bc5572474c8315609d10d758a337dcedc
nghttp2-debugsource-1.33.0-5.el8_8.1.s390x.rpm	SHA-256: 6065e2bc353e23d41bfa195fd256153001e3f2e11de6d65cd6bd3cd896ea509d

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8

SRPM
aarch64
libnghttp2-debuginfo-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 0a9508d5c91b29bd1062f4cdad930c536820cb45488e6168b8d46d426b42a3b9
libnghttp2-devel-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 0a9bacbbabc9bba74c00d3d5d7d737433559e1c982825bd13ae4b3cb558e65b9
nghttp2-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 5955294c563cef83f8f5a5db6f83778f721e0b0dcf4ba5a26281979d721488df
nghttp2-debuginfo-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 7c685bce55cdc4fa1816f03fba303208abc15941173481714b07e5c3a128d6af
nghttp2-debugsource-1.33.0-5.el8_8.1.aarch64.rpm	SHA-256: 21c3ad5be25608c79361856f0e2c41b319ddcba254f0fe2686fbdfb74b3c9637

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation