Red Hat Product Errata RHSA-2024:4252 - Security Advisory
Issued:
2024-07-02
Updated:
2024-07-02

RHSA-2024:4252 - Security Advisory

Synopsis

Moderate: nghttp2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

  • nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2268639 - CVE-2024-28182 nghttp2: CONTINUATION frames DoS

Red Hat Enterprise Linux for x86_64 8

SRPM
nghttp2-1.33.0-6.el8_10.1.src.rpm SHA-256: 9cf44c14ea0a908468049f7d301662e5ee1e0769b0ad144cae10b2a9158c2cbe
x86_64
libnghttp2-1.33.0-6.el8_10.1.i686.rpm SHA-256: 2d42c038b703d0e70adc7de7389bede6026dc33ab81386880f46a8235f123b88
libnghttp2-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 7db208659d8dd140ce766390f280dbf59178846fa261acfe8f834d405cd0ce5e
libnghttp2-debuginfo-1.33.0-6.el8_10.1.i686.rpm SHA-256: 947a681662f7915dcee64fa4b25fb3f6f03c3c0eee85111202da34da82fb6035
libnghttp2-debuginfo-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 9f83e65134bc41ccbc40eb0baf48b32dadf55419273cbb9073672aeb1add48cb
nghttp2-debuginfo-1.33.0-6.el8_10.1.i686.rpm SHA-256: 81ef51429fdfe71d50f8d463383fccdb2b1ce6d319d23b80dc513ef9f7eeebcf
nghttp2-debuginfo-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 308cf964fd777cf758e54bec8dcd691069f2c20191759b79526e4311278011dd
nghttp2-debugsource-1.33.0-6.el8_10.1.i686.rpm SHA-256: 29ae022ba16e8350de1122331ed8cd97b705d18f50ee0d6b9cef1f8e31c19367
nghttp2-debugsource-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 785b186a57451e61ffdf71295bb02771a27668fd1b6fc8adafc8411d47dba598

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
nghttp2-1.33.0-6.el8_10.1.src.rpm SHA-256: 9cf44c14ea0a908468049f7d301662e5ee1e0769b0ad144cae10b2a9158c2cbe
s390x
libnghttp2-1.33.0-6.el8_10.1.s390x.rpm SHA-256: 479cb82739f1c976e2536cbfe1e4ca29f64154d53d11e76ba64f86b2879f59ab
libnghttp2-debuginfo-1.33.0-6.el8_10.1.s390x.rpm SHA-256: 83b6f427a92ec7b12f54eaec75279341cc21f6113374f069d18425f8a1363865
nghttp2-debuginfo-1.33.0-6.el8_10.1.s390x.rpm SHA-256: 84e03ffebc3f81a55d4da4e3e0dac80e84289c5c2b587eb02bff105cdbc82e21
nghttp2-debugsource-1.33.0-6.el8_10.1.s390x.rpm SHA-256: bee09f4f9c0e834e859ff145489cb4ad04a8e4ce9fc212e4ff43f2259fda9454

Red Hat Enterprise Linux for Power, little endian 8

SRPM
nghttp2-1.33.0-6.el8_10.1.src.rpm SHA-256: 9cf44c14ea0a908468049f7d301662e5ee1e0769b0ad144cae10b2a9158c2cbe
ppc64le
libnghttp2-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: d7a306526490b3f56de7963ecf10647981c112bb2f4ed75b97344d6e0eb58f47
libnghttp2-debuginfo-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: 1d4602a5959e13490a568573dd41cc3314adf9c62b4d3522113b0bd94f1090e3
nghttp2-debuginfo-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: b6a4b9f4b1f49c655716755d05f292956dc151177d2f964d4b819279cf5beea5
nghttp2-debugsource-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: 093431c6ac29c8403bf95c4af7f5c7082d21b10ff0ebdb68d41091d5923ccfb6

Red Hat Enterprise Linux for ARM 64 8

SRPM
nghttp2-1.33.0-6.el8_10.1.src.rpm SHA-256: 9cf44c14ea0a908468049f7d301662e5ee1e0769b0ad144cae10b2a9158c2cbe
aarch64
libnghttp2-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: 52c4eda9f4614df88bda5252509435d544d93c5a0ab5c3d2ba7d028fbda39089
libnghttp2-debuginfo-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: 153cd89b5fa77c7f723ea42ab68d8213d11dea7a8d075c9d664546260516c6b2
nghttp2-debuginfo-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: 146269f459d530dfba1412bdf21bb260ae7176b8446031d103be658e4780735f
nghttp2-debugsource-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: a2b221cb0543e8ff40cec0568b73559577c98e4262b71f65649fc1451f7ed403

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
libnghttp2-debuginfo-1.33.0-6.el8_10.1.i686.rpm SHA-256: 947a681662f7915dcee64fa4b25fb3f6f03c3c0eee85111202da34da82fb6035
libnghttp2-debuginfo-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 9f83e65134bc41ccbc40eb0baf48b32dadf55419273cbb9073672aeb1add48cb
libnghttp2-devel-1.33.0-6.el8_10.1.i686.rpm SHA-256: e79224b5ba5a7ca4293d3de4916f6daa99353419607c709676f60fea11371273
libnghttp2-devel-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 72a4968e67da88848bdb287386f72e4c827ef6410d36bab789994217189ae918
nghttp2-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 23a60926807dc1b014a14ba22a565ca9fc75660258e7416fe0d2788ed49aff88
nghttp2-debuginfo-1.33.0-6.el8_10.1.i686.rpm SHA-256: 81ef51429fdfe71d50f8d463383fccdb2b1ce6d319d23b80dc513ef9f7eeebcf
nghttp2-debuginfo-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 308cf964fd777cf758e54bec8dcd691069f2c20191759b79526e4311278011dd
nghttp2-debugsource-1.33.0-6.el8_10.1.i686.rpm SHA-256: 29ae022ba16e8350de1122331ed8cd97b705d18f50ee0d6b9cef1f8e31c19367
nghttp2-debugsource-1.33.0-6.el8_10.1.x86_64.rpm SHA-256: 785b186a57451e61ffdf71295bb02771a27668fd1b6fc8adafc8411d47dba598

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
libnghttp2-debuginfo-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: 1d4602a5959e13490a568573dd41cc3314adf9c62b4d3522113b0bd94f1090e3
libnghttp2-devel-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: 12fa70f244f2055e06b5a27fd70ec714fdfbad9aed4077c7883007f9e19049a7
nghttp2-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: 0acaefc3a56ee84ba6e6fb96f9e503bfe4f5824dc04b1ad2d454c0b88301985a
nghttp2-debuginfo-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: b6a4b9f4b1f49c655716755d05f292956dc151177d2f964d4b819279cf5beea5
nghttp2-debugsource-1.33.0-6.el8_10.1.ppc64le.rpm SHA-256: 093431c6ac29c8403bf95c4af7f5c7082d21b10ff0ebdb68d41091d5923ccfb6

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
libnghttp2-debuginfo-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: 153cd89b5fa77c7f723ea42ab68d8213d11dea7a8d075c9d664546260516c6b2
libnghttp2-devel-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: e0760b4155a69f50aacee2088c2c2bf9a43c5c072bbd81def1eca8092ab9cae8
nghttp2-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: bc79877282e247df4ff1bfc8edca4b67d16f31da65cd9befc95de087e04e3c88
nghttp2-debuginfo-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: 146269f459d530dfba1412bdf21bb260ae7176b8446031d103be658e4780735f
nghttp2-debugsource-1.33.0-6.el8_10.1.aarch64.rpm SHA-256: a2b221cb0543e8ff40cec0568b73559577c98e4262b71f65649fc1451f7ed403

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
libnghttp2-debuginfo-1.33.0-6.el8_10.1.s390x.rpm SHA-256: 83b6f427a92ec7b12f54eaec75279341cc21f6113374f069d18425f8a1363865
libnghttp2-devel-1.33.0-6.el8_10.1.s390x.rpm SHA-256: bdcd3bdb0c63c1cad5bd191e4914f4cb0f09e0153e921ba3adc4bc9149ebd689
nghttp2-1.33.0-6.el8_10.1.s390x.rpm SHA-256: b966102440ec82455cbbb4b80d3048c36743e4cb7703fe2c88cf355b4c5dc3ee
nghttp2-debuginfo-1.33.0-6.el8_10.1.s390x.rpm SHA-256: 84e03ffebc3f81a55d4da4e3e0dac80e84289c5c2b587eb02bff105cdbc82e21
nghttp2-debugsource-1.33.0-6.el8_10.1.s390x.rpm SHA-256: bee09f4f9c0e834e859ff145489cb4ad04a8e4ce9fc212e4ff43f2259fda9454

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.