Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Dec 2015 17:59:17 +0100
From: Hanno Böck <>
Subject: Use after free in nghttp2

Quote from release announcement:
"This release fixes heap-use-after-free bug in idle stream handling
code. We strongly recommend to upgrade the older installation to this
latest version as soon as possible."

Given nghttp2 is used for many (most?) http2 deployments and these
become more and more common I think this is rather serious.

Hanno Böck


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ