lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <DDA0A8EA-456B-44CC-9BF8-9F72F0B7A30A@lists.apple.com>
Date: Tue, 13 Aug 2019 14:12:40 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume unbounded amounts of memory when
receiving certain traffic patterns and eventually suffer resource
exhaustion
Description: This issue was addressed with improved buffer size
management.
CVE-2019-9512: Jonathan Looney of Netflix
CVE-2019-9514: Jonathan Looney of Netflix
CVE-2019-9515: Jonathan Looney of Netflix
CVE-2019-9516: Jonathan Looney of Netflix

SwiftNIO HTTP/2
Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on
macOS Sierra 10.12 and later and Ubuntu 14.04 and later
Impact: A HTTP/2 server may consume excessive CPU resources when
receiving certain traffic patterns
Description: This issue was addressed with improved input validation.
CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team

Installation note:

SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222 and
https://github.com/apple/swift-nio-http2/releases/tag/1.5.0.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S69ApHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Elqw//
TAkt1t7YKV8hvLOUd/60+kTutSQMapp6y6+UxaHmCXVp8ftwDz92Z0YD1RdBETjc
NrsUHWgfoHpKQgZSzfCQLqmSvxwzVw2JD1OjUCdwLLf7B7nO6sBIkmJzQ62HHuse
Ixy0fm06HXt1buDAhpG/cmOHtJYS0kNYfTONkv9WGuvkqr7/neaiMcsIRLdwUsim
AJZYt0vzKvyG8hnKH0NRp1EygGf9OBoJMdp6e21xeQxj1xqFKV9jnn43/1yhdqvY
201dzY2zJ3UycM5ao4vQndFQkysATRojjHEY7U+RMu3WJsqA5hKjQH6vvZDaVjsq
8Bx1otGPUHhl7YusdYD2LI927+tNH1SZDStdCutuho4rs2PvVeHW5SBug4decYOw
0VEl/UaIitHoDuzFGMyu9ZYdutsHdLgsFC1FtK62l8/CMASJJsRL+MsBj9WZmtMk
KzqQYYbkD0f3MVzesxTjM9tAqrItGglevkzSGL7jXN9oVz/Qr/I3A9u9BcQbgYbS
nwem75bWYkTDiXznxDST+iafKFWZurt66J/Akd0KadioEq5cxP/fL65DBQjrpuWr
1CQPErEfJyO8ngyhYTul3mqNHUyPIyEymihYg8+StN2PZDhOvHurrpP3GiWV1y9H
lsOyDbNanEeqFlQMzG/94j8dexBtKLQTcWJn1nf/Q/4=
=FBOZ
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ