Packages
- nghttp2 - HTTP/2 C Library and tools
Details
It was discovered that the nghttp2 nghttpx proxy incorrectly handled
HTTP/1.1 Upgrade requests that included a Content-Length header and body.
A remote attacker could possibly use this issue to perform HTTP request and
response smuggling attacks against backend services.
It was discovered that the nghttp2 nghttpx proxy incorrectly handled
HTTP/1.1 Upgrade requests that included a Content-Length header and body.
A remote attacker could possibly use this issue to perform HTTP request and
response smuggling attacks against backend services.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | nghttp2 – 1.68.0-2ubuntu0.2 | ||
| 25.10 questing | nghttp2 – 1.64.0-1.1ubuntu1.2 | ||
| 24.04 LTS noble | nghttp2 – 1.59.0-1ubuntu0.4 | ||
| 22.04 LTS jammy | nghttp2 – 1.43.0-1ubuntu0.4 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.