UbuntuUpdates.org

Package "nghttp2-client"

Name: nghttp2-client

Description:

client implementing HTTP/2 protocol
Latest version: 1.40.0-1ubuntu0.3
Release: focal (20.04)
Level: security
Repository: universe
Head package: nghttp2
Homepage: https://nghttp2.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "nghttp2-client"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "nghttp2-client" in Focal

Repository Area Version
base universe 1.40.0-1build1
updates universe 1.40.0-1ubuntu0.3

Changelog

Version: 1.40.0-1ubuntu0.3 2024-04-26 00:07:07 UTC

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
Source diff to previous version
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

Version: 1.40.0-1ubuntu0.2 2023-11-22 16:07:02 UTC

  nghttp2 (1.40.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2023-44487.patch: implement stream reset rate
      limiting.
    - CVE-2023-44487

 -- Marc Deslauriers <email address hidden> Wed, 11 Oct 2023 17:39:46 -0400
Source diff to previous version
CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consum ...

Version: 1.40.0-1ubuntu0.1 2023-06-06 10:07:08 UTC

  nghttp2 (1.40.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2020-11080-[1-2].patch: fixed a denial of service,
      potentially caused by large SETTINGS frames, in the module
    - CVE-2020-11080

 -- Amir Naseredini <email address hidden> Wed, 31 May 2023 17:41:38 +0100
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a mal


About   -   Send Feedback to @ubuntu_updates