SUSE-SU-2020:0722-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2020/suse-su-20200722-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0722-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2020:0722-1

Related

CVE-2019-18802

Published

2020-03-19T10:22:01Z

Modified

2025-05-02T04:09:05.587487Z

Upstream

CVE-2019-18802

Summary

Security update for nghttp2

Details

This update for nghttp2 fixes the following issues:

nghttp2 was update to version 1.40.0 (bsc#1166481)

lib: Add nghttp2checkauthority as public API
lib: Fix the bug that stream is closed with wrong error code
lib: Faster huffman encoding and decoding
build: Avoid filename collision of static and dynamic lib
build: Add new flag ENABLESTATICCRT for Windows
build: cmake: Support building nghttpx with systemd
third-party: Update neverbleed to fix memory leak
nghttpx: Fix bug that mruby is incorrectly shared between backends
nghttpx: Reconnect h1 backend if it lost connection before sending headers
nghttpx: Returns 408 if backend timed out before sending headers
nghttpx: Fix request stal

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / nghttp2

Package

Name: nghttp2
Purl: pkg:rpm/suse/nghttp2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.40.0-3.6.3

Ecosystem specific

{
    "binaries": [
        {
            "libnghttp2_asio-devel": "1.40.0-3.6.3",
            "libnghttp2-devel": "1.40.0-3.6.3",
            "libnghttp2_asio1": "1.40.0-3.6.3",
            "libnghttp2-14": "1.40.0-3.6.3",
            "libnghttp2-14-32bit": "1.40.0-3.6.3"
        }
    ]
}