Bugzilla – Bug 1146111
VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
Last modified: 2020-02-04 20:36:24 UTC
+++ This bug was initially created as a clone of Bug #1146099 +++

CVE-2019-9512

HTTP/2 flood using PING frames and queueing of response PING ACK frames that results in unbounded memory growth.

References:
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
https://bugzilla.redhat.com/show_bug.cgi?id=1735645
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9512
http://www.debian.org/security/2019/dsa-4503
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9512.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
http://www.cvedetails.com/cve/CVE-2019-9512/
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://seclists.org/bugtraq/2019/Aug/24
https://kb.cert.org/vuls/id/605641/

SUSE-SU-2019:2213-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1141688,1146111,1146115,1146123
CVE References: CVE-2019-14809,CVE-2019-9512,CVE-2019-9514
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): go1.11-1.11.13-1.18.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): go1.11-1.11.13-1.18.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2214-1: An update that solves three vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1139210,1141689,1146111,1146115,1146123
CVE References: CVE-2019-14809,CVE-2019-9512,CVE-2019-9514
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): go1.12-1.12.9-1.15.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): go1.12-1.12.9-1.15.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:2000-1: An update that solves three vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1139210,1141689,1146111,1146115,1146123
CVE References: CVE-2019-14809,CVE-2019-9512,CVE-2019-9514
Sources used:
openSUSE Leap 15.1 (src): go1.12-1.12.9-lp151.2.9.1

openSUSE-SU-2019:2056-1: An update that solves three vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1139210,1141689,1146111,1146115,1146123
CVE References: CVE-2019-14809,CVE-2019-9512,CVE-2019-9514
Sources used:
openSUSE Leap 15.1 (src): go1.12-1.12.9-lp151.2.13.1
openSUSE Leap 15.0 (src): go1.12-1.12.9-lp150.8.1

openSUSE-SU-2019:2072-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1141688,1146111,1146115,1146123
CVE References: CVE-2019-14809,CVE-2019-9512,CVE-2019-9514
Sources used:
openSUSE Leap 15.1 (src): go1.11-1.11.13-lp151.2.9.1
openSUSE Leap 15.0 (src): go1.11-1.11.13-lp150.18.1

openSUSE-SU-2019:2085-1: An update that solves three vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1139210,1141689,1146111,1146115,1146123
CVE References: CVE-2019-14809,CVE-2019-9512,CVE-2019-9514
Sources used:
openSUSE Leap 15.1 (src): go1.12-1.12.9-lp151.2.17.1

openSUSE-SU-2019:2130-1: An update that solves three vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 1139210,1141689,1146111,1146115,1146123
CVE References: CVE-2019-14809,CVE-2019-9512,CVE-2019-9514
Sources used:
openSUSE Leap 15.1 (src): go1.12-1.12.9-lp151.2.21.1

I think this can be closed now as being solved.