This was a security update pushed out recently:
nghttp2 (1.59.0-1ubuntu0.4) noble-security; urgency=medium
* SECURITY UPDATE: HTTP request/response smuggling issue
- debian/patches/CVE-2026-58055.patch: nghttpx: Tighten up CONNECT and HTTP
Upgrade handling in src/shrpx_downstream.cc, src/shrpx_downstream.h,
src/shrpx_http2_upstream.cc, src/shrpx_http3_upstream.cc,
src/shrpx_http_downstream_connection.cc,
src/shrpx_http_downstream_connection.h, src/shrpx_https_upstream.cc.
- CVE-2026-58055
I will flag this as a security regression.
** CVE added: https://cve.org/CVERecord?id=CVE-2026-58055
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2159650
Title:
multiple http/2 connection failures with libnghttp2-14:amd64
1.59.0-1ubuntu0.4
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nghttp2/+bug/2159650/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs