UbuntuUpdates.org

Package "nghttp2"

Name: nghttp2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library implementing HTTP/2 protocol (shared library)
  • library implementing HTTP/2 protocol (development files)
  • library implementing HTTP/2 protocol (documentation)
Latest version: 1.43.0-1ubuntu0.3
Release: jammy (22.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "nghttp2" in Jammy

Repository Area Version
base main 1.43.0-1build3
base universe 1.43.0-1build3
security universe 1.43.0-1ubuntu0.2
updates main 1.43.0-1ubuntu0.3
updates universe 1.43.0-1ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.43.0-1ubuntu0.3 2026-05-05 18:07:34 UTC

  nghttp2 (1.43.0-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service through assertion failure.
    - debian/patches/CVE-2026-27135-pre1.patch: Add iframe->state ==
      NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
    - debian/patches/CVE-2026-27135-pre2.patch: Add iframe->state ==
      NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
    - debian/patches/CVE-2026-27135.patch: Add iframe->state ==
      NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
    - debian/patches/CVE-2026-27135-post1.patch: Add iframe->state ==
      NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
    - CVE-2026-27135

 -- Hlib Korzhynskyy <email address hidden> Tue, 28 Apr 2026 16:49:21 -0230
Source diff to previous version
CVE-2026-27135 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incomi

Version: 1.43.0-1ubuntu0.2 2024-04-26 00:07:09 UTC

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
Source diff to previous version
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

Version: 1.43.0-1ubuntu0.1 2023-11-22 16:07:03 UTC

  nghttp2 (1.43.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2023-44487.patch: implement stream reset rate
      limiting.
    - CVE-2023-44487

 -- Marc Deslauriers <email address hidden> Wed, 11 Oct 2023 13:50:35 -0400
CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consum ...


About   -   Send Feedback to @ubuntu_updates