Issued:: 2024-07-16
Updated:: 2024-07-16

RHSA-2024:4576 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: nghttp2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nghttp2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2268639 - CVE-2024-28182 nghttp2: CONTINUATION frames DoS

CVEs

CVE-2024-28182

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
nghttp2-1.33.0-3.el8_2.3.src.rpm	SHA-256: eeb6849491bd88d00d1c5163d866d0cc7ea2d5448d16371cab0e4416d15943cc
x86_64
libnghttp2-1.33.0-3.el8_2.3.i686.rpm	SHA-256: 6ef6ac2718577d449f8bdd5d8804c4e29b807e85215dbb11d823e9423bac50cc
libnghttp2-1.33.0-3.el8_2.3.x86_64.rpm	SHA-256: 42d645d8617ab6a1bc89a59f3f635dccad155287e923f55fbebf69cdd568dc6e
libnghttp2-debuginfo-1.33.0-3.el8_2.3.i686.rpm	SHA-256: 82642084ba09b62930107594b3d94e253241c2882abc072e368808eb55ac82d4
libnghttp2-debuginfo-1.33.0-3.el8_2.3.x86_64.rpm	SHA-256: 6d4ed8da21fd658f4ca60e1043d7c039b4f54d758ab41f99cf8b3981039a6773
nghttp2-debuginfo-1.33.0-3.el8_2.3.i686.rpm	SHA-256: e1bd43c4d0929f83ec71fc6a0dbee6069709135c32f7ab821187ccd900f60970
nghttp2-debuginfo-1.33.0-3.el8_2.3.x86_64.rpm	SHA-256: cda3581aa42b420752693e52de39727d9346bff4ece9550cab1036e600063156
nghttp2-debugsource-1.33.0-3.el8_2.3.i686.rpm	SHA-256: 534e409e0e4b9b53185e31b62b97474b3f340665735d928e5e638aed2377997f
nghttp2-debugsource-1.33.0-3.el8_2.3.x86_64.rpm	SHA-256: 5754079501f551fc58b4d092e2f3253af3b78acf055e14ef14d0150fb1a7ba8a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation