Release date:
2026-05-05 02:15:38 UTC
Description:
* SECURITY UPDATE: HTTP/2 memory leak in nghttp2 codec
- debian/patches/CVE-2023-35945.patch: fix memory leak in
nghttp2_session_mem_send_internal when stream close callback fails
with a fatal error
- CVE-2023-35945
Updated packages:
-
libnghttp2-14_1.36.0-2+deb10u3+tuxcare.els1_amd64.deb
sha:26165acb17ad208146a15de73aa6598a63307b3d
-
libnghttp2-dev_1.36.0-2+deb10u3+tuxcare.els1_amd64.deb
sha:7c24af79ba3021ed634c36ec12cda26acb768721
-
libnghttp2-doc_1.36.0-2+deb10u3+tuxcare.els1_all.deb
sha:4aba50494955c658ff882ad6ae506d2d5221f355
-
nghttp2_1.36.0-2+deb10u3+tuxcare.els1_all.deb
sha:8fb39b8797198f307ea30b53f8c74c874182116a
-
nghttp2-client_1.36.0-2+deb10u3+tuxcare.els1_amd64.deb
sha:8985c12ca40f903c034812dcea1ed0662deb00a1
-
nghttp2-proxy_1.36.0-2+deb10u3+tuxcare.els1_amd64.deb
sha:dd83d5cbdbba81ff02a340d2cb55efc8d5c16a82
-
nghttp2-server_1.36.0-2+deb10u3+tuxcare.els1_amd64.deb
sha:0ac875effd276d1be49074ea8f0eef333d0ed095
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
