Oval Definition:oval:com.ubuntu.disco:def:201995120000000
Revision Date:2019-08-13Version:1
Title:CVE-2019-9512 on Ubuntu 19.04 (disco) - medium.
Description:Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-9512
Platform(s):Ubuntu 19.04
Product(s):
Definition Synopsis
  • Ubuntu 19.04 (disco) is installed.
  • AND Package Information
  • golang-1.10 package in disco is affected and may need fixing.
  • OR golang-1.11 package in disco is affected and may need fixing.
  • OR golang-1.12 package in disco is affected and may need fixing.
  • OR h2o package in disco was vulnerable but has been fixed (note: '2.2.5+dfsg2-2+deb10u1build0.19.04.1').
  • OR netty package in disco is affected and needs fixing.
  • OR trafficserver package in disco is affected and needs fixing.
  • OR twisted package in disco is affected, but a decision has been made to defer addressing it (note: '2020-01-06').
    • BACK