Package "nghttp2"

Name: nghttp2


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library implementing HTTP/2 protocol (shared library)
  • library implementing HTTP/2 protocol (development files)
  • library implementing HTTP/2 protocol (documentation)

Latest version: 1.40.0-1ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: main


Other versions of "nghttp2" in Focal

Repository Area Version
base main 1.40.0-1build1
base universe 1.40.0-1build1
security main 1.40.0-1ubuntu0.2
security universe 1.40.0-1ubuntu0.2
updates universe 1.40.0-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Version: 1.40.0-1ubuntu0.2 2023-11-22 17:07:01 UTC

  nghttp2 (1.40.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2023-44487.patch: implement stream reset rate
    - CVE-2023-44487

 -- Marc Deslauriers <email address hidden> Wed, 11 Oct 2023 17:39:46 -0400

Source diff to previous version
CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consum ...

Version: 1.40.0-1ubuntu0.1 2023-06-06 11:07:05 UTC

  nghttp2 (1.40.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2020-11080-[1-2].patch: fixed a denial of service,
      potentially caused by large SETTINGS frames, in the module
    - CVE-2020-11080

 -- Amir Naseredini <email address hidden> Wed, 31 May 2023 17:41:38 +0100

CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a mal

About   -   Send Feedback to @ubuntu_updates