CVSS Base Vector:
The remote host is missing an update for the 'nghttp2'
Linux Distribution Package(s) announced via the openSUSE-SU-2019:2234_1 advisory.
Checks if a vulnerable Linux Distribution Package version is present on the target host.
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to
resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to
window size manipulation and stream prioritization manipulation,
potentially leading to a denial of service (bsc#11461).
Bug fixes and enhancements:
- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
This update was imported from the SUSE:SLE-15:Update update project.
To install this openSUSE Security Update use the SUSE recommended
like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-2234=1
'nghttp2' Linux Distribution Package(s) on openSUSE Leap 15.0.
Please install the updated Linux Distribution Package(s).
Linux Distribution Package
SuSE Local Security Checks
Find and Fix this Vulnerability:
Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition
NVD CVE ID: