ALT-PU-2015-2170-1
Package libnghttp2 updated to version 1.6.0-alt1 for branch sisyphus in task 155273.
Closed vulnerabilities
Published: 2016-01-12
BDU:2016-00507
Уязвимость библиотеки nghttp2, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: CRITICAL (10.0)
References:
Published: 2016-01-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8659
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
Severity: CRITICAL (10.0)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References:
- APPLE-SA-2016-03-21-1
- APPLE-SA-2016-03-21-1
- APPLE-SA-2016-03-21-2
- APPLE-SA-2016-03-21-2
- APPLE-SA-2016-03-21-3
- APPLE-SA-2016-03-21-3
- APPLE-SA-2016-03-21-5
- APPLE-SA-2016-03-21-5
- FEDORA-2016-54f85ec6e8
- FEDORA-2016-54f85ec6e8
- FEDORA-2016-8e13ac5754
- FEDORA-2016-8e13ac5754
- [oss-security] 20151223 Re: Use after free in nghttp2
- [oss-security] 20151223 Re: Use after free in nghttp2
- [oss-security] 20151223 Use after free in nghttp2
- [oss-security] 20151223 Use after free in nghttp2
- 1035353
- 1035353
- https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
- https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
- GLSA-201612-06
- GLSA-201612-06
- https://support.apple.com/HT206166
- https://support.apple.com/HT206166
- https://support.apple.com/HT206167
- https://support.apple.com/HT206167
- https://support.apple.com/HT206168
- https://support.apple.com/HT206168
- https://support.apple.com/HT206169
- https://support.apple.com/HT206169