Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 23 Dec 2015 16:51:56 -0500 (EST)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Use after free in nghttp2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
> 
> This release fixes heap-use-after-free bug in idle stream handling
> code. We strongly recommend to upgrade the older installation to this
> latest version as soon as possible.

Use CVE-2015-8659.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWexaGAAoJEL54rhJi8gl5PncP/i7nC5VFxuoVMwjzIQ/KvNb0
JoVVIqQlXNfDD0knl8FvOx+KJzWzE5RIMgJOs4o2Lh3LPonXdeAHsfNQ8ZE1ENEl
I2lnSrC4k1U9TJJA6RlaStIytCde+7pGEsZPzCX5GnG+0tlt4AlaswBKc4BIYKTN
UemDt319fGOPybylwAovFXaHc2DDcOupMmBzDu0P5ErlkIfow9HZeLNF/oNEZPlk
Qm9DG17L9cwiv3FDq5VRcyevh9KZSavDhIdLz/nINST4sTikopUL3hSkhojH3e3E
YvoHhlS0dUNHQL+coksm/xgZ5ytQaUyAMujigq2Xpu8xb8Rsy3Kb48u8rTY0Bwmt
phzIOIRPmeiOxKFiFxX1hmFYaxOsWwQHKGjqwh9Y8ZbV+qLaOLDJfkhwapixTZSo
JMphliLe8TVTIN6AsQ5YIZc3e9yETfHJSC8iseeJaukC7zrVFy/2XhL5xKgB3AXf
au4r7ez/05iqKX6bYcaBpUPOEKX+aBmoSR1NsLAQk//HcnD4HZJpal/UgUPh/o4p
Tbu5AXPAjLoIvoPipjtqkwP3ZISkvwvYOzC8b6jDKvFF3MPwuwOBGw1eBa1FNTMr
bCJ1GJJna3CB6YxXAo4vFd/6hTafVtmK2tZThm7FgjAzSmJTaxROSGrTysevqqWs
WM0vso39SkAv6y7JpJbG
=c2Xe
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ