Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "libnghttp2-14-dbgsym": "1.7.1-1ubuntu0.1~esm1", "nghttp2": "1.7.1-1ubuntu0.1~esm1", "libnghttp2-14": "1.7.1-1ubuntu0.1~esm1", "libnghttp2-dev": "1.7.1-1ubuntu0.1~esm1", "nghttp2-client-dbgsym": "1.7.1-1ubuntu0.1~esm1", "libnghttp2-doc": "1.7.1-1ubuntu0.1~esm1", "nghttp2-proxy": "1.7.1-1ubuntu0.1~esm1", "nghttp2-server": "1.7.1-1ubuntu0.1~esm1", "nghttp2-client": "1.7.1-1ubuntu0.1~esm1", "nghttp2-server-dbgsym": "1.7.1-1ubuntu0.1~esm1", "nghttp2-proxy-dbgsym": "1.7.1-1ubuntu0.1~esm1" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libnghttp2-14-dbgsym": "1.30.0-1ubuntu1+esm1", "nghttp2": "1.30.0-1ubuntu1+esm1", "libnghttp2-14": "1.30.0-1ubuntu1+esm1", "libnghttp2-dev": "1.30.0-1ubuntu1+esm1", "nghttp2-client-dbgsym": "1.30.0-1ubuntu1+esm1", "libnghttp2-doc": "1.30.0-1ubuntu1+esm1", "nghttp2-proxy": "1.30.0-1ubuntu1+esm1", "nghttp2-server": "1.30.0-1ubuntu1+esm1", "nghttp2-client": "1.30.0-1ubuntu1+esm1", "nghttp2-server-dbgsym": "1.30.0-1ubuntu1+esm1", "nghttp2-proxy-dbgsym": "1.30.0-1ubuntu1+esm1" } ] }
{ "availability": "No subscription required", "binaries": [ { "libnghttp2-14-dbgsym": "1.40.0-1ubuntu0.1", "nghttp2": "1.40.0-1ubuntu0.1", "libnghttp2-14": "1.40.0-1ubuntu0.1", "libnghttp2-dev": "1.40.0-1ubuntu0.1", "nghttp2-client-dbgsym": "1.40.0-1ubuntu0.1", "libnghttp2-doc": "1.40.0-1ubuntu0.1", "nghttp2-proxy": "1.40.0-1ubuntu0.1", "nghttp2-server": "1.40.0-1ubuntu0.1", "nghttp2-client": "1.40.0-1ubuntu0.1", "nghttp2-server-dbgsym": "1.40.0-1ubuntu0.1", "nghttp2-proxy-dbgsym": "1.40.0-1ubuntu0.1" } ] }