A flaw in the popular nginx web server allows attackers to cause a denial of service using a specially crafted cookie. This can take websites and applications offline, requiring an immediate patch to prevent outages.
Ubuntu has issued a security notice for multiple vulnerabilities in nginx, a popular web server. The flaws could allow attackers to bypass security measures, cause a denial of service, or potentially execute arbitrary code. Systems running specific Ubuntu versions are affected, and immediate updates are recommended.
A new remote denial-of-service vulnerability, named HTTP/2 Bomb, affects major web servers including NGINX, Apache, Microsoft IIS, Envoy, and Cloudflare. The flaw exists in the default HTTP/2 configuration of these servers, making them susceptible to attack without any special setup, according to researchers.
Ubuntu has rolled back a recent Nginx security patch. The fix for a denial-of-service flaw was causing Nginx to crash with external modules, forcing a difficult choice between stability and security for many users.
Ubuntu has released patches for multiple critical vulnerabilities in Nginx. The flaws could expose sensitive information during SMTP authentication and allow attackers to inject plain text into proxied TLS connections. These issues affect core web server and mail proxy functionalities, requiring immediate attention from administrators.
NGINX Ingress Controller now natively supports mutual TLS (mTLS), making it much simpler for teams to secure traffic between services. This update helps enforce zero-trust security policies directly within Kubernetes without complex workarounds.
A critical security flaw in NGINX Plus and NGINX Open is being actively exploited in the wild, just days after it was disclosed. The vulnerability, CVE-2026-42945, is a heap buffer overflow affecting a wide range of NGINX versions from 0.6.27 through 1.30.0.