This update for nghttp2 fixes the following issue:
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
Affected Packages
libnghttp2_asio-devel
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
1.40.0-150600.25.5.1
libnghttp2_asio1
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
1.40.0-150600.25.5.1
nghttp2
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
1.40.0-150600.25.5.1
libnghttp2-14
SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
1.40.0-150600.25.5.1
libnghttp2-14-32bit
SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
1.40.0-150600.25.5.1
libnghttp2-devel
SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6