3 matches found
OPENSUSE-SU-2026:21302-1 Security update for nghttp2
This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP request/response smuggling via upgrade request with Content-Length bsc1269489...
OESA-2026-2977 nghttp2 security update
The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...
CVE-2026-58055
nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...