The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "high", "binaries": [ { "libnghttp2-14-dbgsym": "1.7.1-1ubuntu0.1~esm2", "nghttp2": "1.7.1-1ubuntu0.1~esm2", "libnghttp2-14": "1.7.1-1ubuntu0.1~esm2", "libnghttp2-dev": "1.7.1-1ubuntu0.1~esm2", "nghttp2-client-dbgsym": "1.7.1-1ubuntu0.1~esm2", "libnghttp2-doc": "1.7.1-1ubuntu0.1~esm2", "nghttp2-proxy": "1.7.1-1ubuntu0.1~esm2", "nghttp2-server": "1.7.1-1ubuntu0.1~esm2", "nghttp2-client": "1.7.1-1ubuntu0.1~esm2", "nghttp2-server-dbgsym": "1.7.1-1ubuntu0.1~esm2", "nghttp2-proxy-dbgsym": "1.7.1-1ubuntu0.1~esm2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "high", "binaries": [ { "libnghttp2-14-dbgsym": "1.30.0-1ubuntu1+esm2", "nghttp2": "1.30.0-1ubuntu1+esm2", "libnghttp2-14": "1.30.0-1ubuntu1+esm2", "libnghttp2-dev": "1.30.0-1ubuntu1+esm2", "nghttp2-client-dbgsym": "1.30.0-1ubuntu1+esm2", "libnghttp2-doc": "1.30.0-1ubuntu1+esm2", "nghttp2-proxy": "1.30.0-1ubuntu1+esm2", "nghttp2-server": "1.30.0-1ubuntu1+esm2", "nghttp2-client": "1.30.0-1ubuntu1+esm2", "nghttp2-server-dbgsym": "1.30.0-1ubuntu1+esm2", "nghttp2-proxy-dbgsym": "1.30.0-1ubuntu1+esm2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "golang-1.20-src": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20-doc": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20-go": "1.20.3-1ubuntu0.1~20.04.1", "golang-1.20-go-dbgsym": "1.20.3-1ubuntu0.1~20.04.1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "golang-1.21-doc": "1.21.1-1~ubuntu20.04.2", "golang-1.21": "1.21.1-1~ubuntu20.04.2", "golang-1.21-src": "1.21.1-1~ubuntu20.04.2", "golang-1.21-go": "1.21.1-1~ubuntu20.04.2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "haproxy": "2.0.31-0ubuntu0.2", "haproxy-doc": "2.0.31-0ubuntu0.2", "vim-haproxy": "2.0.31-0ubuntu0.2", "haproxy-dbgsym": "2.0.31-0ubuntu0.2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libnghttp2-14-dbgsym": "1.40.0-1ubuntu0.2", "nghttp2": "1.40.0-1ubuntu0.2", "libnghttp2-14": "1.40.0-1ubuntu0.2", "libnghttp2-dev": "1.40.0-1ubuntu0.2", "nghttp2-client-dbgsym": "1.40.0-1ubuntu0.2", "libnghttp2-doc": "1.40.0-1ubuntu0.2", "nghttp2-proxy": "1.40.0-1ubuntu0.2", "nghttp2-server": "1.40.0-1ubuntu0.2", "nghttp2-client": "1.40.0-1ubuntu0.2", "nghttp2-server-dbgsym": "1.40.0-1ubuntu0.2", "nghttp2-proxy-dbgsym": "1.40.0-1ubuntu0.2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "dotnet-host": "6.0.123-0ubuntu1~22.04.1", "dotnet-runtime-6.0-dbgsym": "6.0.123-0ubuntu1~22.04.1", "dotnet-sdk-6.0-dbgsym": "6.0.123-0ubuntu1~22.04.1", "dotnet-sdk-6.0": "6.0.123-0ubuntu1~22.04.1", "dotnet-sdk-6.0-source-built-artifacts": "6.0.123-0ubuntu1~22.04.1", "dotnet-runtime-6.0": "6.0.123-0ubuntu1~22.04.1", "dotnet-host-dbgsym": "6.0.123-0ubuntu1~22.04.1", "dotnet-templates-6.0": "6.0.123-0ubuntu1~22.04.1", "dotnet-hostfxr-6.0": "6.0.123-0ubuntu1~22.04.1", "dotnet-apphost-pack-6.0": "6.0.123-0ubuntu1~22.04.1", "aspnetcore-runtime-6.0": "6.0.123-0ubuntu1~22.04.1", "netstandard-targeting-pack-2.1": "6.0.123-0ubuntu1~22.04.1", "dotnet6": "6.0.123-0ubuntu1~22.04.1", "dotnet-apphost-pack-6.0-dbgsym": "6.0.123-0ubuntu1~22.04.1", "dotnet-hostfxr-6.0-dbgsym": "6.0.123-0ubuntu1~22.04.1", "dotnet-targeting-pack-6.0": "6.0.123-0ubuntu1~22.04.1", "aspnetcore-targeting-pack-6.0": "6.0.123-0ubuntu1~22.04.1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "dotnet-host-7.0-dbgsym": "7.0.112-0ubuntu1~22.04.1", "dotnet-sdk-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-sdk-7.0-source-built-artifacts": "7.0.112-0ubuntu1~22.04.1", "netstandard-targeting-pack-2.1-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet7": "7.0.112-0ubuntu1~22.04.1", "aspnetcore-targeting-pack-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-runtime-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-hostfxr-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-sdk-7.0-dbgsym": "7.0.112-0ubuntu1~22.04.1", "dotnet-templates-7.0": "7.0.112-0ubuntu1~22.04.1", "aspnetcore-runtime-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-hostfxr-7.0-dbgsym": "7.0.112-0ubuntu1~22.04.1", "dotnet-apphost-pack-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-host-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-targeting-pack-7.0": "7.0.112-0ubuntu1~22.04.1", "dotnet-apphost-pack-7.0-dbgsym": "7.0.112-0ubuntu1~22.04.1", "dotnet-runtime-7.0-dbgsym": "7.0.112-0ubuntu1~22.04.1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "dotnet-templates-8.0": "8.0.102-0ubuntu1~22.04.1", "dotnet-sdk-8.0": "8.0.102-0ubuntu1~22.04.1", "dotnet8": "8.0.102-8.0.2-0ubuntu1~22.04.1", "dotnet-hostfxr-8.0": "8.0.2-0ubuntu1~22.04.1", "aspnetcore-runtime-8.0": "8.0.2-0ubuntu1~22.04.1", "dotnet-sdk-8.0-dbgsym": "8.0.102-0ubuntu1~22.04.1", "dotnet-apphost-pack-8.0-dbgsym": "8.0.2-0ubuntu1~22.04.1", "dotnet-runtime-8.0": "8.0.2-0ubuntu1~22.04.1", "dotnet-host-8.0": "8.0.2-0ubuntu1~22.04.1", "dotnet-host-8.0-dbgsym": "8.0.2-0ubuntu1~22.04.1", "netstandard-targeting-pack-2.1-8.0": "8.0.102-0ubuntu1~22.04.1", "dotnet-apphost-pack-8.0": "8.0.2-0ubuntu1~22.04.1", "dotnet-sdk-8.0-source-built-artifacts": "8.0.102-0ubuntu1~22.04.1", "dotnet-runtime-8.0-dbgsym": "8.0.2-0ubuntu1~22.04.1", "aspnetcore-targeting-pack-8.0": "8.0.2-0ubuntu1~22.04.1", "dotnet-targeting-pack-8.0": "8.0.2-0ubuntu1~22.04.1", "dotnet-hostfxr-8.0-dbgsym": "8.0.2-0ubuntu1~22.04.1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "golang-1.20-src": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20-doc": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20-go": "1.20.3-1ubuntu0.1~22.04.1", "golang-1.20-go-dbgsym": "1.20.3-1ubuntu0.1~22.04.1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "golang-1.21-doc": "1.21.1-1~ubuntu22.04.2", "golang-1.21": "1.21.1-1~ubuntu22.04.2", "golang-1.21-src": "1.21.1-1~ubuntu22.04.2", "golang-1.21-go": "1.21.1-1~ubuntu22.04.2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "haproxy": "2.4.22-0ubuntu0.22.04.2", "haproxy-doc": "2.4.22-0ubuntu0.22.04.2", "vim-haproxy": "2.4.22-0ubuntu0.22.04.2", "haproxy-dbgsym": "2.4.22-0ubuntu0.22.04.2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libnghttp2-14-dbgsym": "1.43.0-1ubuntu0.1", "nghttp2": "1.43.0-1ubuntu0.1", "libnghttp2-14": "1.43.0-1ubuntu0.1", "libnghttp2-dev": "1.43.0-1ubuntu0.1", "nghttp2-client-dbgsym": "1.43.0-1ubuntu0.1", "libnghttp2-doc": "1.43.0-1ubuntu0.1", "nghttp2-proxy": "1.43.0-1ubuntu0.1", "nghttp2-server": "1.43.0-1ubuntu0.1", "nghttp2-client": "1.43.0-1ubuntu0.1", "nghttp2-server-dbgsym": "1.43.0-1ubuntu0.1", "nghttp2-proxy-dbgsym": "1.43.0-1ubuntu0.1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "dotnet-templates-8.0": "8.0.100-0ubuntu1", "dotnet-sdk-8.0": "8.0.100-0ubuntu1", "dotnet8": "8.0.100-8.0.0-0ubuntu1", "dotnet-hostfxr-8.0": "8.0.0-0ubuntu1", "aspnetcore-runtime-8.0": "8.0.0-0ubuntu1", "dotnet-sdk-8.0-dbgsym": "8.0.100-0ubuntu1", "dotnet-apphost-pack-8.0-dbgsym": "8.0.0-0ubuntu1", "dotnet-runtime-8.0": "8.0.0-0ubuntu1", "dotnet-host-8.0": "8.0.0-0ubuntu1", "dotnet-host-8.0-dbgsym": "8.0.0-0ubuntu1", "netstandard-targeting-pack-2.1-8.0": "8.0.100-0ubuntu1", "dotnet-apphost-pack-8.0": "8.0.0-0ubuntu1", "dotnet-sdk-8.0-source-built-artifacts": "8.0.100-0ubuntu1", "dotnet-runtime-8.0-dbgsym": "8.0.0-0ubuntu1", "aspnetcore-targeting-pack-8.0": "8.0.0-0ubuntu1", "dotnet-targeting-pack-8.0": "8.0.0-0ubuntu1", "dotnet-hostfxr-8.0-dbgsym": "8.0.0-0ubuntu1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "golang-1.21-doc": "1.21.5-1", "golang-1.21": "1.21.5-1", "golang-1.21-src": "1.21.5-1", "golang-1.21-go": "1.21.5-1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libh2o-dev": "2.2.5+dfsg2-8", "h2o-doc": "2.2.5+dfsg2-8", "libh2o0.13-dbgsym": "2.2.5+dfsg2-8", "libh2o-evloop0.13-dbgsym": "2.2.5+dfsg2-8", "libh2o-dev-common": "2.2.5+dfsg2-8", "h2o-dbgsym": "2.2.5+dfsg2-8", "libh2o-evloop0.13": "2.2.5+dfsg2-8", "libh2o0.13": "2.2.5+dfsg2-8", "h2o": "2.2.5+dfsg2-8", "libh2o-evloop-dev": "2.2.5+dfsg2-8" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "haproxy": "2.6.15-1ubuntu2", "haproxy-doc": "2.6.15-1ubuntu2", "vim-haproxy": "2.6.15-1ubuntu2", "haproxy-dbgsym": "2.6.15-1ubuntu2" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libnghttp2-14-dbgsym": "1.58.0-1", "nghttp2": "1.58.0-1", "libnghttp2-14": "1.58.0-1", "libnghttp2-dev": "1.58.0-1", "nghttp2-client-dbgsym": "1.58.0-1", "libnghttp2-doc": "1.58.0-1", "nghttp2-proxy": "1.58.0-1", "nghttp2-server": "1.58.0-1", "nghttp2-client": "1.58.0-1", "nghttp2-server-dbgsym": "1.58.0-1", "nghttp2-proxy-dbgsym": "1.58.0-1" } ], "priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog" }