ELSA-2026-7668

ULN >
Oracle Linux Errata repository >
ELSA-2026-7668

ELSA-2026-7668 - nghttp2 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-13

Description

[1.43.0-6.1]
- fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)

Related CVEs

CVE-2026-27135

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nghttp2-1.43.0-6.el9_7.1.src.rpm	5d9787a3c5222cfd960e6284ec587aadf94795b2e77476e07b7b0105768aa9cf	-	ol9_aarch64_baseos_latest
	nghttp2-1.43.0-6.el9_7.1.src.rpm	5d9787a3c5222cfd960e6284ec587aadf94795b2e77476e07b7b0105768aa9cf	-	ol9_aarch64_codeready_builder
	nghttp2-1.43.0-6.el9_7.1.src.rpm	5d9787a3c5222cfd960e6284ec587aadf94795b2e77476e07b7b0105768aa9cf	-	ol9_aarch64_u7_baseos_patch
	libnghttp2-1.43.0-6.el9_7.1.aarch64.rpm	94a85c889e65b300bc2d5f99b06e74e3760cbeeca018c42603881da2f778d3de	-	ol9_aarch64_baseos_latest
	libnghttp2-1.43.0-6.el9_7.1.aarch64.rpm	94a85c889e65b300bc2d5f99b06e74e3760cbeeca018c42603881da2f778d3de	-	ol9_aarch64_u7_baseos_patch
	libnghttp2-devel-1.43.0-6.el9_7.1.aarch64.rpm	b5e26cf2a74786719965e086f00f28a4b9ea7192042144ad520cb7e3c6b2c87a	-	ol9_aarch64_codeready_builder
	nghttp2-1.43.0-6.el9_7.1.aarch64.rpm	ccd43090c2e1d9d3c84de0fdbc7e8f29dbb4e8da8a1b0263e49acd3c5b47d59b	-	ol9_aarch64_codeready_builder

Oracle Linux 9 (x86_64)	nghttp2-1.43.0-6.el9_7.1.src.rpm	5d9787a3c5222cfd960e6284ec587aadf94795b2e77476e07b7b0105768aa9cf	-	ol9_x86_64_baseos_latest
	nghttp2-1.43.0-6.el9_7.1.src.rpm	5d9787a3c5222cfd960e6284ec587aadf94795b2e77476e07b7b0105768aa9cf	-	ol9_x86_64_codeready_builder
	nghttp2-1.43.0-6.el9_7.1.src.rpm	5d9787a3c5222cfd960e6284ec587aadf94795b2e77476e07b7b0105768aa9cf	-	ol9_x86_64_u7_baseos_patch
	libnghttp2-1.43.0-6.el9_7.1.i686.rpm	be4becb363683896e799f5c6784002563944002033c856230c00de65d45a04ef	-	ol9_x86_64_baseos_latest
	libnghttp2-1.43.0-6.el9_7.1.i686.rpm	be4becb363683896e799f5c6784002563944002033c856230c00de65d45a04ef	-	ol9_x86_64_u7_baseos_patch
	libnghttp2-1.43.0-6.el9_7.1.x86_64.rpm	5bdd8a22710922984d70771b785342206cc8190d1b0bd0458abc3cd480de3fc2	-	ol9_x86_64_baseos_latest
	libnghttp2-1.43.0-6.el9_7.1.x86_64.rpm	5bdd8a22710922984d70771b785342206cc8190d1b0bd0458abc3cd480de3fc2	-	ol9_x86_64_u7_baseos_patch
	libnghttp2-devel-1.43.0-6.el9_7.1.i686.rpm	56c2e2997e5143a1f4d405e38a1d5ca39add7175f6852c2850a2e64759ef1c4a	-	ol9_x86_64_codeready_builder
	libnghttp2-devel-1.43.0-6.el9_7.1.x86_64.rpm	7624536cf43bb68cdc46c5d3fd0f0e2566c2264a60dd9f6fea78abccc725c37b	-	ol9_x86_64_codeready_builder
	nghttp2-1.43.0-6.el9_7.1.x86_64.rpm	72fa989d6bc4b27cf515868e1ab0d4feafb13670a3bf9371349839d3ee53ffdb	-	ol9_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691