Oval Definition:	oval:com.ubuntu.bionic:def:201995140000000
Revision Date: 2019-08-13 Version: 1 Title: CVE-2019-9514 on Ubuntu 18.04 LTS (bionic) - medium. Description: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. Family: unix Class: vulnerability Status: Reference(s): CVE-2019-9514 Platform(s): Ubuntu 18.04 LTS Product(s): Definition Synopsis Ubuntu 18.04 LTS (bionic) is installed. AND Package Information golang-1.10 package in bionic is affected and may need fixing. OR golang-1.8 package in bionic is affected and may need fixing. OR golang-1.9 package in bionic is affected and may need fixing. OR golang-google-grpc package in bionic is affected and needs fixing. OR grpc package in bionic is affected and needs fixing. OR h2o package in bionic is affected and may need fixing. OR netty package in bionic is affected and needs fixing. OR trafficserver package in bionic is affected and needs fixing. OR twisted package in bionic was vulnerable but has been fixed (note: '17.9.0-2ubuntu0.1').
BACK