Security update for nghttp2
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461).
Bug fixes and enhancements:
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Martin Pluskal (pluskalm)
Fixed bugs
bnc#1112438
[TRACKER] FATE #326776 - nodejs10 for W&S module
bnc#1125689
nghttp2 mistake in spec file
bnc#1134616
nghttp2: fails to build with boost 1.70.0
bnc#1146182
VUL-0: CVE-2019-9511: nghttp2: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially lei
bnc#1146184
VUL-1: CVE-2019-9513: nghttp2: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.
