[El-errata] ELSA-2020-2755 Important: Oracle Linux 8 nghttp2 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Jun 26 06:30:53 PDT 2020
Oracle Linux Security Advisory ELSA-2020-2755
http://linux.oracle.com/errata/ELSA-2020-2755.html
The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:
x86_64:
libnghttp2-1.33.0-3.el8_2.1.i686.rpm
libnghttp2-1.33.0-3.el8_2.1.x86_64.rpm
nghttp2-1.33.0-3.el8_2.1.x86_64.rpm
libnghttp2-devel-1.33.0-3.el8_2.1.x86_64.rpm
libnghttp2-devel-1.33.0-3.el8_2.1.i686.rpm
aarch64:
libnghttp2-1.33.0-3.el8_2.1.aarch64.rpm
libnghttp2-devel-1.33.0-3.el8_2.1.aarch64.rpm
nghttp2-1.33.0-3.el8_2.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nghttp2-1.33.0-3.el8_2.1.src.rpm
Description of changes:
[1.33.0-3.el8_2.1]
- prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080)
[1.33.0-3]
- rebuild to trigger gating (#1681044)
[1.33.0-2]
- backport security fixes from nghttp2-1.39.2 (CVE-2019-9511 and
CVE-2019-9513)
More information about the El-errata
mailing list