What is the severity of RHSA-2020:2784?

The severity of RHSA-2020:2784 is classified as important due to the potential denial of service vulnerability.

How do I fix RHSA-2020:2784?

To fix RHSA-2020:2784, update the affected packages to version 1.7.1-8.el7.1 or later.

What components are affected by RHSA-2020:2784?

RHSA-2020:2784 affects the httpd24-nghttp2, httpd24-libnghttp2, and related development packages.

What vulnerability is addressed in RHSA-2020:2784?

RHSA-2020:2784 addresses CVE-2020-11080, which allows overly large SETTINGS frames that can lead to denial of service.

Is there a workaround for RHSA-2020:2784 if I cannot apply the update immediately?

There are no official workarounds for RHSA-2020:2784, so it is strongly recommended to apply the update as soon as possible.

Vulnerability/
RHSA-2020:2784

1/7/2020

RHSA-2020:2784: Important: httpd24-nghttp2 security update

First published: Wed Jul 01 2020(Updated: )

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. <br>Security Fix(es):<br><li> nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/httpd24-nghttp2	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-libnghttp2	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-libnghttp2-devel	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-nghttp2	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-nghttp2-debuginfo	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-libnghttp2	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-libnghttp2-devel	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-nghttp2-debuginfo	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-libnghttp2	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-libnghttp2-devel	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-nghttp2	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-nghttp2-debuginfo	<1.7.1-8.el7.1	1.7.1-8.el7.1
redhat/httpd24-libnghttp2	<1.7.1-8.el7.1.aa	1.7.1-8.el7.1.aa
redhat/httpd24-libnghttp2-devel	<1.7.1-8.el7.1.aa	1.7.1-8.el7.1.aa
redhat/httpd24-nghttp2	<1.7.1-8.el7.1.aa	1.7.1-8.el7.1.aa
redhat/httpd24-nghttp2-debuginfo	<1.7.1-8.el7.1.aa	1.7.1-8.el7.1.aa
redhat/httpd24-nghttp2	<1.7.1-8.el6.1	1.7.1-8.el6.1
redhat/httpd24-libnghttp2	<1.7.1-8.el6.1	1.7.1-8.el6.1
redhat/httpd24-libnghttp2-devel	<1.7.1-8.el6.1	1.7.1-8.el6.1
redhat/httpd24-nghttp2	<1.7.1-8.el6.1	1.7.1-8.el6.1
redhat/httpd24-nghttp2-debuginfo	<1.7.1-8.el6.1	1.7.1-8.el6.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2020:2784?
The severity of RHSA-2020:2784 is classified as important due to the potential denial of service vulnerability.
How do I fix RHSA-2020:2784?
To fix RHSA-2020:2784, update the affected packages to version 1.7.1-8.el7.1 or later.
What components are affected by RHSA-2020:2784?
RHSA-2020:2784 affects the httpd24-nghttp2, httpd24-libnghttp2, and related development packages.
What vulnerability is addressed in RHSA-2020:2784?
RHSA-2020:2784 addresses CVE-2020-11080, which allows overly large SETTINGS frames that can lead to denial of service.
Is there a workaround for RHSA-2020:2784 if I cannot apply the update immediately?
There are no official workarounds for RHSA-2020:2784, so it is strongly recommended to apply the update as soon as possible.

agent/severity
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/references
agent/title
agent/remedy
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:2784
agent/software-canonical-lookup
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat