Cyrus HTTP/2 excessive CPU usage vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



All,

Cyrus uses libnghttp2 for its HTTP/2 support.  Recently, a vulnerability that can cause excessive CPU usage was found in that library. 

Cyrus installations that compile with HTTP/2 support should upgrade to libnghttp2 v1.61 immediately, or recompile Cyrus with the --without-nghttp2 option until libnghttp2 can be upgraded.

I have verified that Cyrus compiles cleanly against v1.61+ and interoperates fine with both iOS and Thunderbird.

-- 
Kenneth Murchison
Senior Software Developer
Fastmail US LLC

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]
  Powered by Linux