Conversation

Notices

1. made out of flesh or wood (nightpool@cybre.space)'s status on Wednesday, 14-Aug-2019 08:12:39 EDT made out of flesh or wood

   hey all, there's a rash of http2 vulnerabilities going around c/o Netflix today.

   the default mastodon nginx config has http2 enabled, and nginx is affected (in one form or another) by three of these attacks, so you should upgrade nginx as soon as possible:

   https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/

   1. aschmitz (aschmitz@ostatus.lardbucket.org)'s status on Wednesday, 14-Aug-2019 08:21:06 EDT aschmitz

      in reply to

      @nightpool Worth noting that these are all DoS: it'll be annoying, and might take your site down, but nobody's going to take it *over* by attacking them, either, and if you're attacked, it'll be obvious (at the time, anyway).

      1. made out of flesh or wood (nightpool@cybre.space)'s status on Wednesday, 14-Aug-2019 08:21:59 EDT made out of flesh or wood

         in reply to

         @aschmitz yes, true, I didn't include the details in my message because I assumed people would read the linked post

         1. made out of flesh or wood (nightpool@cybre.space)'s status on Wednesday, 14-Aug-2019 08:23:33 EDT made out of flesh or wood

            in reply to

            @aschmitz I could have easily just said "a rash of http/2 DOS vulnerabilities though", which is on me

         2. made out of flesh or wood (nightpool@cybre.space)'s status on Wednesday, 14-Aug-2019 08:23:48 EDT made out of flesh or wood

            in reply to

            @aschmitz I could have easily just said "a rash of http/2 DOS vulnerabilities" though, which is on me