| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Aug 2019 14:12:40 -0700 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 SwiftNIO HTTP/2 1.5.0 is now available and addresses the following: SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving certain traffic patterns and eventually suffer resource exhaustion Description: This issue was addressed with improved buffer size management. CVE-2019-9512: Jonathan Looney of Netflix CVE-2019-9514: Jonathan Looney of Netflix CVE-2019-9515: Jonathan Looney of Netflix CVE-2019-9516: Jonathan Looney of Netflix SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume excessive CPU resources when receiving certain traffic patterns Description: This issue was addressed with improved input validation. CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team Installation note: SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio-http2/releases/tag/1.5.0. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S69ApHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Elqw// TAkt1t7YKV8hvLOUd/60+kTutSQMapp6y6+UxaHmCXVp8ftwDz92Z0YD1RdBETjc NrsUHWgfoHpKQgZSzfCQLqmSvxwzVw2JD1OjUCdwLLf7B7nO6sBIkmJzQ62HHuse Ixy0fm06HXt1buDAhpG/cmOHtJYS0kNYfTONkv9WGuvkqr7/neaiMcsIRLdwUsim AJZYt0vzKvyG8hnKH0NRp1EygGf9OBoJMdp6e21xeQxj1xqFKV9jnn43/1yhdqvY 201dzY2zJ3UycM5ao4vQndFQkysATRojjHEY7U+RMu3WJsqA5hKjQH6vvZDaVjsq 8Bx1otGPUHhl7YusdYD2LI927+tNH1SZDStdCutuho4rs2PvVeHW5SBug4decYOw 0VEl/UaIitHoDuzFGMyu9ZYdutsHdLgsFC1FtK62l8/CMASJJsRL+MsBj9WZmtMk KzqQYYbkD0f3MVzesxTjM9tAqrItGglevkzSGL7jXN9oVz/Qr/I3A9u9BcQbgYbS nwem75bWYkTDiXznxDST+iafKFWZurt66J/Akd0KadioEq5cxP/fL65DBQjrpuWr 1CQPErEfJyO8ngyhYTul3mqNHUyPIyEymihYg8+StN2PZDhOvHurrpP3GiWV1y9H lsOyDbNanEeqFlQMzG/94j8dexBtKLQTcWJn1nf/Q/4= =FBOZ -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists