nghttp2-1.33.0-6.el8_10.2
エラータID: AXSA:2026-443:02
リリース日:
2026/04/17 Friday - 16:00
題名:
nghttp2-1.33.0-6.el8_10.2
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- nghttp2 には、内部状態の検証処理が不十分である問題があるため、
リモートの攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2026-27135)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-27135
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.
追加情報:
N/A
ダウンロード:
SRPMS
- nghttp2-1.33.0-6.el8_10.2.src.rpm
MD5: e1b1e62270276d162981e571cfa73056
SHA-256: 1ae1395d7c6b6eeffda1203630659cecb78b87c9362c88fc868f7b46ee7201c7
Size: 1.52 MB
Asianux Server 8 for x86_64
- libnghttp2-1.33.0-6.el8_10.2.i686.rpm
MD5: ba841543540ac381d1d0ef7644b3d33c
SHA-256: af41c88859686ce1236f8e8537ad9fc8a126cd4ff19f3b8fd1ec7a25ab957753
Size: 83.68 kB - libnghttp2-1.33.0-6.el8_10.2.x86_64.rpm
MD5: 3d93e3893e18c9bf222925897cc2ab27
SHA-256: 94d0c7c9d4c12bd87059d525b4528beef2281935cb7bd5390c1be851e3fe36cd
Size: 77.37 kB - libnghttp2-devel-1.33.0-6.el8_10.2.i686.rpm
MD5: 901813bdc36c1446bc86249f126dddc3
SHA-256: 82dc616ee1bda94488f8f4d04b2a96e0e6d4e8f203fcdcf76297489c9fb31535
Size: 60.10 kB - libnghttp2-devel-1.33.0-6.el8_10.2.x86_64.rpm
MD5: 25b0f44175e92568018212919f570b70
SHA-256: d89cf8e7a4d03048ae3b89316ac4af43467e51808d82cd5e97100611fb1641cd
Size: 60.08 kB - nghttp2-1.33.0-6.el8_10.2.x86_64.rpm
MD5: 3b4310b915690d7f7a4044204076b000
SHA-256: 87b7ab27397aeccc424017c008507502c9c5f1ccbb2095d1d5936083333e25c9
Size: 597.94 kB
English