CVE-2019-9517

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
appleswiftnio
1.0.0 ≤
𝑥
≤ 1.4.0
apachehttp_server
2.4.20 ≤
𝑥
< 2.4.40
apachetraffic_server
6.0.0 ≤
𝑥
≤ 6.2.3
apachetraffic_server
7.0.0 ≤
𝑥
≤ 7.1.6
apachetraffic_server
8.0.0 ≤
𝑥
≤ 8.0.3
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
debiandebian_linux
9.0
debiandebian_linux
10.0
synologyskynas
-
synologydiskstation_manager
6.2
synologyvs960hd_firmware
-
opensuseleap
15.0
opensuseleap
15.1
redhatjboss_core_services
1.0
redhatjboss_enterprise_application_platform
7.2.0
redhatjboss_enterprise_application_platform
7.3.0
redhatopenshift_service_mesh
1.0
redhatquay
3.0.0
redhatsoftware_collections
1.0
redhatenterprise_linux
8.0
oraclecommunications_element_manager
8.0.0
oraclecommunications_element_manager
8.1.0
oraclecommunications_element_manager
8.1.1
oraclecommunications_element_manager
8.2.0
oraclegraalvm
19.2.0
oracleinstantis_enterprisetrack
17.1 ≤
𝑥
≤ 17.3
oracleretail_xstore_point_of_service
7.1
mcafeeweb_gateway
7.7.2.0 ≤
𝑥
< 7.7.2.24
mcafeeweb_gateway
7.8.2.0 ≤
𝑥
< 7.8.2.13
mcafeeweb_gateway
8.1.0 ≤
𝑥
< 8.2.0
netappclustered_data_ontap
-
nodejsnode.js
8.0.0 ≤
𝑥
≤ 8.8.1
nodejsnode.js
8.9.0 ≤
𝑥
< 8.16.1
nodejsnode.js
10.0.0 ≤
𝑥
≤ 10.12.0
nodejsnode.js
10.13.0 ≤
𝑥
< 10.16.3
nodejsnode.js
12.0.0 ≤
𝑥
< 12.8.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bookworm
2.4.62-1~deb12u1
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
bullseye
2.4.62-1~deb11u1
fixed
bullseye (security)
2.4.62-1~deb11u2
fixed
jessie
not-affected
sid
2.4.62-3
fixed
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
bionic
Fixed 2.4.29-1ubuntu4.10
released
cosmic
ignored
disco
Fixed 2.4.38-2ubuntu2.2
released
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apache2
suse enterprise desktop 15 SP2
2.4.43-1.15
fixed
suse enterprise desktop 15 SP3
2.4.43-3.17.1
fixed
suse enterprise desktop 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise desktop 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise desktop 15 SP6
2.4.58-150600.3.2
fixed
suse enterprise desktop 15 SP7
2.4.62-150700.2.2
fixed
suse enterprise sap 12 SP4
2.4.23-29.43.1
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise sap 15
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP1
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP2
2.4.43-1.15
fixed
suse enterprise sap 15 SP3
2.4.43-3.17.1
fixed
suse enterprise sap 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.3.2
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.2
fixed
suse enterprise server 12 SP3
2.4.23-29.43.1
fixed
suse enterprise server 12 SP4
2.4.23-29.43.1
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 15
2.4.33-3.21.1
fixed
suse enterprise server 15 SP1
2.4.33-3.21.1
fixed
suse enterprise server 15 SP2
2.4.43-1.15
fixed
suse enterprise server 15 SP3
2.4.43-3.17.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.3.2
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.2
fixed
apache2-devel
suse enterprise sap 15
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP1
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP2
2.4.43-1.15
fixed
suse enterprise sap 15 SP3
2.4.43-3.17.1
fixed
suse enterprise sap 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.1
fixed
suse enterprise server 15
2.4.33-3.21.1
fixed
suse enterprise server 15 SP1
2.4.33-3.21.1
fixed
suse enterprise server 15 SP2
2.4.43-1.15
fixed
suse enterprise server 15 SP3
2.4.43-3.17.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.1
fixed
apache2-doc
suse enterprise sap 12 SP4
2.4.23-29.43.1
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise sap 15
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP1
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP2
2.4.43-1.15
fixed
suse enterprise sap 15 SP3
2.4.43-3.17.1
fixed
suse enterprise sap 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise sap 15 SP7
2.4.51-150400.6.43.1
fixed
suse enterprise server 12 SP3
2.4.23-29.43.1
fixed
suse enterprise server 12 SP4
2.4.23-29.43.1
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 15
2.4.33-3.21.1
fixed
suse enterprise server 15 SP1
2.4.33-3.21.1
fixed
suse enterprise server 15 SP2
2.4.43-1.15
fixed
suse enterprise server 15 SP3
2.4.43-3.17.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise server 15 SP7
2.4.51-150400.6.43.1
fixed
apache2-example-pages
suse enterprise sap 12 SP4
2.4.23-29.43.1
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 12 SP3
2.4.23-29.43.1
fixed
suse enterprise server 12 SP4
2.4.23-29.43.1
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
apache2-prefork
suse enterprise desktop 15 SP2
2.4.43-1.15
fixed
suse enterprise desktop 15 SP3
2.4.43-3.17.1
fixed
suse enterprise desktop 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise desktop 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise desktop 15 SP6
2.4.58-150600.3.2
fixed
suse enterprise desktop 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise sap 12 SP4
2.4.23-29.43.1
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise sap 15
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP1
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP2
2.4.43-1.15
fixed
suse enterprise sap 15 SP3
2.4.43-3.17.1
fixed
suse enterprise sap 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.3.2
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise server 12 SP3
2.4.23-29.43.1
fixed
suse enterprise server 12 SP4
2.4.23-29.43.1
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 15
2.4.33-3.21.1
fixed
suse enterprise server 15 SP1
2.4.33-3.21.1
fixed
suse enterprise server 15 SP2
2.4.43-1.15
fixed
suse enterprise server 15 SP3
2.4.43-3.17.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.3.2
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.4
fixed
apache2-utils
suse enterprise desktop 15 SP2
2.4.43-1.15
fixed
suse enterprise desktop 15 SP3
2.4.43-3.17.1
fixed
suse enterprise desktop 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise desktop 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise sap 12 SP4
2.4.23-29.43.1
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise sap 15
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP1
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP2
2.4.43-1.15
fixed
suse enterprise sap 15 SP3
2.4.43-3.17.1
fixed
suse enterprise sap 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise server 12 SP3
2.4.23-29.43.1
fixed
suse enterprise server 12 SP4
2.4.23-29.43.1
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 15
2.4.33-3.21.1
fixed
suse enterprise server 15 SP1
2.4.33-3.21.1
fixed
suse enterprise server 15 SP2
2.4.43-1.15
fixed
suse enterprise server 15 SP3
2.4.43-3.17.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.11.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.4
fixed
apache2-worker
suse enterprise sap 12 SP4
2.4.23-29.43.1
fixed
suse enterprise sap 12 SP5
2.4.23-29.43.1
fixed
suse enterprise sap 15
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP1
2.4.33-3.21.1
fixed
suse enterprise sap 15 SP2
2.4.43-1.15
fixed
suse enterprise sap 15 SP3
2.4.43-3.17.1
fixed
suse enterprise sap 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise server 12 SP3
2.4.23-29.43.1
fixed
suse enterprise server 12 SP4
2.4.23-29.43.1
fixed
suse enterprise server 12 SP5
2.4.23-29.43.1
fixed
suse enterprise server 15
2.4.33-3.21.1
fixed
suse enterprise server 15 SP1
2.4.33-3.21.1
fixed
suse enterprise server 15 SP2
2.4.43-1.15
fixed
suse enterprise server 15 SP3
2.4.43-3.17.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.4.6
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.4
fixed
nodejs10
suse enterprise sap 12
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP3
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP4
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP5
10.16.3-1.12.1
fixed
suse enterprise sap 15
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP1
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP2
10.16.3-1.12.1
fixed
suse enterprise server 12
10.16.3-1.12.1
fixed
suse enterprise server 12 SP3
10.16.3-1.12.1
fixed
suse enterprise server 12 SP4
10.16.3-1.12.1
fixed
suse enterprise server 12 SP5
10.16.3-1.12.1
fixed
suse enterprise server 15
10.16.3-1.12.1
fixed
suse enterprise server 15 SP1
10.16.3-1.12.1
fixed
suse enterprise server 15 SP2
10.16.3-1.12.1
fixed
nodejs10-devel
suse enterprise sap 12
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP3
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP4
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP5
10.16.3-1.12.1
fixed
suse enterprise sap 15
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP1
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP2
10.16.3-1.12.1
fixed
suse enterprise server 12
10.16.3-1.12.1
fixed
suse enterprise server 12 SP3
10.16.3-1.12.1
fixed
suse enterprise server 12 SP4
10.16.3-1.12.1
fixed
suse enterprise server 12 SP5
10.16.3-1.12.1
fixed
suse enterprise server 15
10.16.3-1.12.1
fixed
suse enterprise server 15 SP1
10.16.3-1.12.1
fixed
suse enterprise server 15 SP2
10.16.3-1.12.1
fixed
nodejs10-docs
suse enterprise sap 12
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP3
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP4
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP5
10.16.3-1.12.1
fixed
suse enterprise sap 15
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP1
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP2
10.16.3-1.12.1
fixed
suse enterprise server 12
10.16.3-1.12.1
fixed
suse enterprise server 12 SP3
10.16.3-1.12.1
fixed
suse enterprise server 12 SP4
10.16.3-1.12.1
fixed
suse enterprise server 12 SP5
10.16.3-1.12.1
fixed
suse enterprise server 15
10.16.3-1.12.1
fixed
suse enterprise server 15 SP1
10.16.3-1.12.1
fixed
suse enterprise server 15 SP2
10.16.3-1.12.1
fixed
nodejs12
suse enterprise sap 12
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP3
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP4
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP5
12.13.0-1.3.1
fixed
suse enterprise server 12
12.13.0-1.3.1
fixed
suse enterprise server 12 SP3
12.13.0-1.3.1
fixed
suse enterprise server 12 SP4
12.13.0-1.3.1
fixed
suse enterprise server 12 SP5
12.13.0-1.3.1
fixed
nodejs12-devel
suse enterprise sap 12
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP3
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP4
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP5
12.13.0-1.3.1
fixed
suse enterprise server 12
12.13.0-1.3.1
fixed
suse enterprise server 12 SP3
12.13.0-1.3.1
fixed
suse enterprise server 12 SP4
12.13.0-1.3.1
fixed
suse enterprise server 12 SP5
12.13.0-1.3.1
fixed
nodejs12-docs
suse enterprise sap 12
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP3
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP4
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP5
12.13.0-1.3.1
fixed
suse enterprise server 12
12.13.0-1.3.1
fixed
suse enterprise server 12 SP3
12.13.0-1.3.1
fixed
suse enterprise server 12 SP4
12.13.0-1.3.1
fixed
suse enterprise server 12 SP5
12.13.0-1.3.1
fixed
nodejs8
suse enterprise sap 15
8.16.1-3.20.1
fixed
suse enterprise sap 15 SP1
8.16.1-3.20.1
fixed
suse enterprise server 15
8.16.1-3.20.1
fixed
suse enterprise server 15 SP1
8.16.1-3.20.1
fixed
nodejs8-devel
suse enterprise sap 15
8.16.1-3.20.1
fixed
suse enterprise sap 15 SP1
8.16.1-3.20.1
fixed
suse enterprise server 15
8.16.1-3.20.1
fixed
suse enterprise server 15 SP1
8.16.1-3.20.1
fixed
nodejs8-docs
suse enterprise sap 15
8.16.1-3.20.1
fixed
suse enterprise sap 15 SP1
8.16.1-3.20.1
fixed
suse enterprise server 15
8.16.1-3.20.1
fixed
suse enterprise server 15 SP1
8.16.1-3.20.1
fixed
npm10
suse enterprise sap 12
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP3
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP4
10.16.3-1.12.1
fixed
suse enterprise sap 12 SP5
10.16.3-1.12.1
fixed
suse enterprise sap 15
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP1
10.16.3-1.12.1
fixed
suse enterprise sap 15 SP2
10.16.3-1.12.1
fixed
suse enterprise server 12
10.16.3-1.12.1
fixed
suse enterprise server 12 SP3
10.16.3-1.12.1
fixed
suse enterprise server 12 SP4
10.16.3-1.12.1
fixed
suse enterprise server 12 SP5
10.16.3-1.12.1
fixed
suse enterprise server 15
10.16.3-1.12.1
fixed
suse enterprise server 15 SP1
10.16.3-1.12.1
fixed
suse enterprise server 15 SP2
10.16.3-1.12.1
fixed
npm12
suse enterprise sap 12
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP3
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP4
12.13.0-1.3.1
fixed
suse enterprise sap 12 SP5
12.13.0-1.3.1
fixed
suse enterprise server 12
12.13.0-1.3.1
fixed
suse enterprise server 12 SP3
12.13.0-1.3.1
fixed
suse enterprise server 12 SP4
12.13.0-1.3.1
fixed
suse enterprise server 12 SP5
12.13.0-1.3.1
fixed
npm8
suse enterprise sap 15
8.16.1-3.20.1
fixed
suse enterprise sap 15 SP1
8.16.1-3.20.1
fixed
suse enterprise server 15
8.16.1-3.20.1
fixed
suse enterprise server 15 SP1
8.16.1-3.20.1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
http://www.openwall.com/lists/oss-security/2019/08/15/7
https://access.redhat.com/errata/RHSA-2019:2893
https://access.redhat.com/errata/RHSA-2019:2925
https://access.redhat.com/errata/RHSA-2019:2939
https://access.redhat.com/errata/RHSA-2019:2946
https://access.redhat.com/errata/RHSA-2019:2949
https://access.redhat.com/errata/RHSA-2019:2950
https://access.redhat.com/errata/RHSA-2019:2955
https://access.redhat.com/errata/RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3935
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://kb.cert.org/vuls/id/605641/
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
https://seclists.org/bugtraq/2019/Aug/47
https://security.gentoo.org/glsa/201909-04
https://security.netapp.com/advisory/ntap-20190823-0003/
https://security.netapp.com/advisory/ntap-20190823-0005/
https://security.netapp.com/advisory/ntap-20190905-0003/
https://support.f5.com/csp/article/K02591030
https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4113-1/
https://www.debian.org/security/2019/dsa-4509
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.synology.com/security/advisory/Synology_SA_19_33
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
http://www.openwall.com/lists/oss-security/2019/08/15/7
https://access.redhat.com/errata/RHSA-2019:2893
https://access.redhat.com/errata/RHSA-2019:2925
https://access.redhat.com/errata/RHSA-2019:2939
https://access.redhat.com/errata/RHSA-2019:2946
https://access.redhat.com/errata/RHSA-2019:2949
https://access.redhat.com/errata/RHSA-2019:2950
https://access.redhat.com/errata/RHSA-2019:2955
https://access.redhat.com/errata/RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3935
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://kb.cert.org/vuls/id/605641/
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
https://seclists.org/bugtraq/2019/Aug/47
https://security.gentoo.org/glsa/201909-04
https://security.netapp.com/advisory/ntap-20190823-0003/
https://security.netapp.com/advisory/ntap-20190823-0005/
https://security.netapp.com/advisory/ntap-20190905-0003/
https://support.f5.com/csp/article/K02591030
https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4113-1/
https://www.debian.org/security/2019/dsa-4509
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.synology.com/security/advisory/Synology_SA_19_33