Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday August 16 2019, @02:37AM   Printer-friendly
from the veni-vedi-vici dept.

[Ed note: This story had been posted earlier but was lost when we had the site crash Thursday morning. Prior comments have, unfortunately, been lost. --Fnord666]

On Tuesday, Netflix, working in conjunction with Google and CERT/CC, published a security advisory covering a series of vulnerabilities that enable denial of service attacks against servers running HTTP/2 services.

HTTP/2, like earlier versions, governs the application layer of the internet stack; it runs atop the transport layer (TCP), the network layer (IP), and data link layer of the internet. The eight CVEs disclosed do not allow information disclosure or modification, but they could be employed to overload servers.

"Today, a number of vendors have announced patches to correct this suboptimal behavior," the media streaming biz said in its post. "While we haven’t detected these vulnerabilities in our open source packages, we are issuing this security advisory to document our findings and to further assist the Internet security community in remediating these issues."

Seven of the flaws were identified by Jonathan Looney of Netflix, and the eighth (CVE-2019-9518) which was found by Piotr Sikora of Google.

Netflix, which characterized the severity of the flaws as "high," did not name the vendors affected by vulnerable HTTP/2 implementations but CERT/CC has.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by stretch611 on Friday August 16 2019, @05:16AM

    by stretch611 (6199) on Friday August 16 2019, @05:16AM (#880898)

    Use this as an excuse for your server problems last night... =)

    --
    Now with 5 covid vaccine shots/boosters altering my DNA :P
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2