nghttp2-1.43.0-6.el9_7.1
エラータID: AXSA:2026-438:01
リリース日:
2026/04/16 Thursday - 22:10
題名:
nghttp2-1.43.0-6.el9_7.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- nghttp2 には、内部状態の検証処理が不十分である問題があるため、
リモートの攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2026-27135)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-27135
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
追加情報:
N/A
ダウンロード:
SRPMS
- nghttp2-1.43.0-6.el9_7.1.src.rpm
MD5: 34d1f5a88c40057aeb582998b7480531
SHA-256: 52180f16944742ecabcc37db8879e5c0c33682366ee9c69197b61c6a1dfbe2ab
Size: 3.81 MB
Asianux Server 9 for x86_64
- libnghttp2-1.43.0-6.el9_7.1.i686.rpm
MD5: 9628bd31f8b8ed2ec9a84f01d3c18706
SHA-256: 9953ca8858783759bd348983da85e9d8d8ddb46fd341d6093a463039b80b5afd
Size: 78.13 kB - libnghttp2-1.43.0-6.el9_7.1.x86_64.rpm
MD5: bd2cd1a3bfc434eda8c58156ccbd1e80
SHA-256: a66e52101df5269ce21781a6a0fb2f15473a0d8297d08d6e84557f514690e3c6
Size: 72.18 kB - libnghttp2-devel-1.43.0-6.el9_7.1.i686.rpm
MD5: 4471455700506c4bc621954512ee7928
SHA-256: 853982a82aa30defb193b3dfceb2c48e5b9a08e99942918c68760ad077ee8000
Size: 51.93 kB - libnghttp2-devel-1.43.0-6.el9_7.1.x86_64.rpm
MD5: 0abe07c757f158d5b4a1a8b445d7f6e9
SHA-256: 69e1e26bfe9ae28a988f6373f34b3524ab56d563d29057ee6e7f500d458241f5
Size: 51.90 kB - nghttp2-1.43.0-6.el9_7.1.x86_64.rpm
MD5: 282831b59004c208202b7c45d3ec2a84
SHA-256: 9cc5a29856ec0b4bb256a444480f09b4b9360944d62212a9e045f4da3abee252
Size: 570.58 kB
English