Update libnghttp2 to 1.31.1 to address CVE-2018-1000168

Description

pkg audit -F on FreeNAS 11.2-U4 reports:

libnghttp2-1.31.0 is vulnerable:
nghttp2 – Denial of service due to NULL pointer dereference
CVE: CVE-2018-1000168
WWW: https://vuxml.FreeBSD.org/freebsd/1fccb25e-8451-438c-a2b9-6a021e4d7a31.html

Not sure if this is easily exploitable in FreeNAS, but it would be comforting to have fixed.

Problem/Justification

None

Impact

None

SmartDraw Connector

Katalon Manual Tests (BETA)

Activity

Show:

Dru Lavigne

June 19, 2019 at 5:58 PM

(edited)

11.2-legacy doc commit: https://github.com/freenas/freenas-docs/commit/05d675caeb80051d6a2b6c2651e51e32ce8cd97a

11.2-angular doc commit: https://github.com/freenas/freenas-docs/commit/7411c9156a93464ee7ac6d0e39b1b775743ba8e9

Bug Clerk

May 29, 2019 at 7:18 PM

11.2 PR: https://github.com/freenas/ports/pull/341

Alexander Motin

May 19, 2019 at 8:01 PM

It is already updated in 11.3-nightly. 11.2 may need backport when current freeze is over.

Resize issue view side panel

Complete

Details

Assignee

William Gryzbowski

Reporter

Sean McBride

Labels

Priority

Low

Parent

NAS-102406 Updated Software

More fields

Katalon Platform

Created May 8, 2019 at 6:48 PM

Updated July 1, 2022 at 4:31 PM

Resolved June 19, 2019 at 6:01 PM