FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nghttp2 -- use after free

Affected packages
nghttp2 < 1.6.0

Details

VuXML ID 93eadedb-c6a6-11e5-96d6-14dae9d210b8
Discovery 2015-12-23
Entry 2016-01-29

nghttp2 reports:

This release fixes heap-use-after-free bug in idle stream handling code. We strongly recommend to upgrade the older installation to this latest version as soon as possible.

References

CVE Name CVE-2015-8659
URL https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/