Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 126 articles for you...
100

SUSE nghttp2 Moderate HTTP Smuggling Risk Advisory 2026-2883-1

An update that solves one vulnerability can now be installed.. # Security update for nghttp2 Announcement ID: SUSE-SU-2026:2883-1 Release Date: 2026-07-13T09:54:51Z Rating: moderate References: * bsc#1269489 Cross-References: * CVE-2026-58055 CVSS scores: * CVE-2026-58055 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-58055 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2026-58055 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-58055 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for nghttp2 fixes the following issue * CVE-2026-58055: HTTP/1.1 Upgrade request can lead to HTTP request smuggling and cross-client response-queue poisoning (bsc#1269489). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2883=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2883=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2883=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2883=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patchSUSE-SLE-Micro-5.5-2026-2883=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 ## References: * https://www.suse.com/security/cve/CVE-2026-58055.html * https://bugzilla.suse.com/show_bug.cgi?id=1269489 . A security update has been released for nghttp2 addressing a moderate issue related to HTTP smuggling risks. Install now.. SUSE updates, nghttp2 security, moderate threats, HTTP smuggling, Linux patches. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 moderate SuSE
202

openSUSE Leap 16.0 nghttp2 Moderate HTTP Smuggling Fix 2026-21302-1

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for nghttp2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21302-1 Rating: moderate References: * bsc#1269489 Cross-References: * CVE-2026-58055 CVSS scores: * CVE-2026-58055 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2026-58055 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP request/response smuggling via upgrade request with `Content-Length` (bsc#1269489). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1213=1 Package List: - openSUSE Leap 16.0: libnghttp2-14-1.64.0-160000.4.1 libnghttp2-devel-1.64.0-160000.4.1 nghttp2-1.64.0-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-58055.html . This openSUSE security update addresses a moderate issue in nghttp2 to enhance system protection and stability.. openSUSE update, nghttp2 patch, security alert. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 moderate OpenSUSE
172

Ubuntu 26.04 LTS nghttp2 Important Network Access Vulnerability USN-8495-1

nghttp2 could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-8495-1 July 02, 2026 nghttp2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: nghttp2 could allow unintended access to network services. Software Description: - nghttp2: HTTP/2 C Library and tools Details: It was discovered that the nghttp2 nghttpx proxy incorrectly handled HTTP/1.1 Upgrade requests that included a Content-Length header and body. A remote attacker could possibly use this issue to perform HTTP request and response smuggling attacks against backend services. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS nghttp2 1.68.0-2ubuntu0.2 Ubuntu 25.10 nghttp2 1.64.0-1.1ubuntu1.2 Ubuntu 24.04 LTS nghttp2 1.59.0-1ubuntu0.4 Ubuntu 22.04 LTS nghttp2 1.43.0-1ubuntu0.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8495-1 CVE-2026-58055 Package Information: https://launchpad.net/ubuntu/+source/nghttp2/1.68.0-2ubuntu0.2 https://launchpad.net/ubuntu/+source/nghttp2/1.64.0-1.1ubuntu1.2 https://launchpad.net/ubuntu/+source/nghttp2/1.59.0-1ubuntu0.4 https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.4 . Unintended access through nghttp2 could expose network services. Update now to secure your Ubuntu system against risks.. nghttp2 security issue, Ubuntu network service access, HTTP/2 library vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 02, 2026 Important Ubuntu
203

Mageia 9 nghttp2 Severe Denial of Service CVE-2026-27135

Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0199.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-27135 Description: Denial of service: Assertion failure due to missing state validation. (CVE-2026-27135) References: - https://bugs.mageia.org/show_bug.cgi?id=35252 - https://www.openwall.com/lists/oss-security/2026/03/20/3 - https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 - https://lists.debian.org/debian-security-announce/2026/msg00177.html - https://www.cve.org/CVERecord?id=CVE-2026-27135 SRPMS: - 9/core/nghttp2-1.61.0-1.1.mga9 . Security update for Mageia with critical nghttp2 denial of service issue due to assertion failure. Urgent patch available.. Mageia, nghttp2 security, denial of service, nghttp2 update, Mageia vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 12, 2026 Critical Mageia
87

Debian DSA-6266-1 nghttp2 Critical DoS Exploit CVE-2026-27135

It was discovered that nghttp2, an implementation of the HTTP/2 protocol, could be crashed via an assertion failure. A remote attacker could exploit this to cause a DoS attack by sending a malformed frame immediately after triggering the termination path. For the oldstable distribution (bookworm), this problem has been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Aron Xu May 14, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nghttp2 CVE ID : CVE-2026-27135 Debian Bug : 1131369 It was discovered that nghttp2, an implementation of the HTTP/2 protocol, could be crashed via an assertion failure. A remote attacker could exploit this to cause a DoS attack by sending a malformed frame immediately after triggering the termination path. For the oldstable distribution (bookworm), this problem has been fixed in version 1.52.0-1+deb12u3. For the stable distribution (trixie), this problem has been fixed in version 1.64.0-1.1+deb13u1. We recommend that you upgrade your nghttp2 packages. For the detailed security status of nghttp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nghttp2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . nghttp2 faces a critical DoS attack due to assertion failure. Secure your Debian systems with the latest patch.. nghttp2 security advisory, Debian DSA-6266-1, security update, DoS threat, HTTP/2 exploit. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 14, 2026 Critical Debian
197

Ubuntu LTS USN-4820-1 nginx Moderate Security Patch CVE-2026-27136

A vulnerabilitie was discovered in nghttp2, a server, proxy and client implementing HTTP/2. CVE-2026-27135 Fix missing iframe-> state validations to avoid assertion failure. As backported from upstream v1.68.1 (commit 5c7df8f), incl. upstream test case. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4581-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Lukas Märdian May 13, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : nghttp2 Version : 1.43.0-1+deb11u3 CVE ID : CVE-2026-27135 Debian Bug : 1131369 A vulnerabilitie was discovered in nghttp2, a server, proxy and client implementing HTTP/2. CVE-2026-27135 Fix missing iframe-> state validations to avoid assertion failure. As backported from upstream v1.68.1 (commit 5c7df8f), incl. upstream test case from commit c619c7be0737ac78051b1cacf4b1ce5467eb838d. For Debian 11 bullseye, this problem has been fixed in version 1.43.0-1+deb11u3. We recommend that you upgrade your nghttp2 packages. For the detailed security status of nghttp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nghttp2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A critical security issue discovered in nghttp2 can lead to assertion failures; update recommended for Debian systems.. nghttp2 security update, Debian LTS advisory, HTTP/2 vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 13, 2026 Important Debian LTS
172

Ubuntu 26.04 LTS nghttp2 Critical Crash DoS USN-8233-2 CVE-2026-27135

nghttp2 could be made to crash if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-8233-2 May 06, 2026 nghttp2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: nghttp2 could be made to crash if it received specially crafted network traffic. Software Description: - nghttp2: HTTP/2 C Library and tools Details: USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libnghttp2-14 1.68.0-2ubuntu0.1 nghttp2 1.68.0-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8233-2 https://ubuntu.com/security/notices/USN-8233-1 CVE-2026-27135 Package Information: https://launchpad.net/ubuntu/+source/nghttp2/1.68.0-2ubuntu0.1 . nghttp2 in Ubuntu 26.04 LTS can crash from malicious traffic; critical update required to prevent DoS.. nghttp2 security, Ubuntu 26.04 advisory, critical bug fix, denial of service, package update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 06, 2026 Critical Ubuntu
172

Ubuntu 25.10 nghttp2 Critical Denial of Service USN-8233-1

nghttp2 could be made to crash if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-8233-1 May 05, 2026 nghttp2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: nghttp2 could be made to crash if it received specially crafted network traffic. Software Description: - nghttp2: HTTP/2 C Library and tools Details: Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libnghttp2-14 1.64.0-1.1ubuntu1.1 nghttp2 1.64.0-1.1ubuntu1.1 Ubuntu 24.04 LTS libnghttp2-14 1.59.0-1ubuntu0.3 nghttp2 1.59.0-1ubuntu0.3 Ubuntu 22.04 LTS libnghttp2-14 1.43.0-1ubuntu0.3 nghttp2 1.43.0-1ubuntu0.3 Ubuntu 20.04 LTS libnghttp2-14 1.40.0-1ubuntu0.3+esm1 Available with Ubuntu Pro nghttp2 1.40.0-1ubuntu0.3+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libnghttp2-14 1.30.0-1ubuntu1+esm3 Available with Ubuntu Pro nghttp2 1.30.0-1ubuntu1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS libnghttp2-14 1.7.1-1ubuntu0.1~esm3 Available with Ubuntu Pro nghttp2 1.7.1-1ubuntu0.1~esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8233-1 CVE-2026-27135 Package Information: https://launchpad.net/ubuntu/+source/nghttp2/1.64.0-1.1ubuntu1.1 https://launchpad.net/ubuntu/+source/nghttp2/1.59.0-1ubuntu0.3 https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.3 . Critical nghttp2 flaw allows denial of service with crafted traffic. Update Ubuntu systems to mitigate risks.. nghttp2, denial of service, Ubuntu security advisory, critical update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 05, 2026 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200