[ol7_software_collections] httpd24-libnghttp2-1.7.1-11.0.1.el7.x86_64

libnghttp2 is a library implementing the Hypertext Transfer Protocol
version 2 (HTTP/2) protocol in C.

Changelog (Show File list) (Show related packages)

• Wed Dec 06 2023 Darren Archibald <darren.archibald@oracle.com> - 1.7.1-11.0.1

  - Oracle patch rework to fix CVE-2023-44487

• Mon Nov 06 2023 Darren Archibald <darren.archibald@oracle.com> - 1.7.1-11

  - Fix for CVE-2023-44487 httpd24-httpd: HTTP/2: Multiple HTTP/2
    enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

• Thu Jun 25 2020 Lubos Uhliarik <luhliari@redhat.com> - 1.7.1-8.1

  - Resolves: #1845302 - CVE-2020-11080 httpd24-nghttp2: nghttp2: overly large
    SETTINGS frames can lead to DoS

• Tue Aug 27 2019 Lubos Uhliarik <luhliari@redhat.com> - 1.7.1-8

  - Resolves: #1745692 - CVE-2019-9513 httpd24-nghttp2: HTTP/2: flood using
    PRIORITY frames resulting in excessive resource consumption
  - Resolves: # 1744825 - CVE-2019-9511 httpd24-nghttp2: HTTP/2: large 
    amount of data request leads to denial of service

• Thu Sep 13 2018 Luboš Uhliarik <luhliari@redhat.com> - 1.7.1-7

  - Resolves: #1540167 - provides without httpd24 pre/in-fix

• Wed May 24 2017 Luboš Uhliarik <luhliari@redhat.com> - 1.7.1-6

  - rebuild

• Wed Feb 17 2016 Jan Kaluza <jkaluza@redhat.com> 1.7.1-1

  - fix CVE-2016-1544 (out of memory due to unlimited incoming HTTP header)

• Tue Feb 09 2016 Jan Kaluza <jkaluza@redhat.com> 1.7.0-3

  - make the package build on RHEL-6 (libnghttp2 only)

• Mon Feb 08 2016 Jan Kaluza <jkaluza@redhat.com> 1.7.0-2

  - enable tests

• Mon Jan 25 2016 Kamil Dudka <kdudka@redhat.com> 1.7.0-1

  - update to the latest upstream release