Ubuntu 24.04/26.04 Nginx Security Update Breaks Many Dynamic Modules


headers-more dynamic module crash | Signal 11 and 6 Crashes due to ABI breakage on 1.24.0-2ubuntu7.10 and 1.28.3-2ubuntu1.3

Bug #2155992 reported by ar5k4u 10 hours ago

This bug affects 35 people

| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libnginx-mod-http-dav-ext (Ubuntu) | Status tracked in Stonking | | | |
| Jammy | New | Undecided | Unassigned | |
| Noble | New | Undecided | Unassigned | |
| Questing | New | Undecided | Unassigned | |
| Resolute | New | Undecided | Unassigned | |
| Stonking | Confirmed | Undecided | Unassigned | |
| libnginx-mod-http-echo (Ubuntu) | Status tracked in Stonking | | | |
| Jammy | New | Undecided | Unassigned | |
| Noble | New | Undecided | Unassigned | |
| Questing | New | Undecided | Unassigned | |
| Resolute | New | Undecided | Unassigned | |
| Stonking | Confirmed | Undecided | Unassigned | |
| libnginx-mod-http-headers-more-filter (Ubuntu) | Status tracked in Stonking | | | |
| Jammy | New | Undecided | Unassigned | |
| Noble | New | Undecided | Unassigned | |
| Questing | New | Undecided | Unassigned | |
| Resolute | New | Undecided | Unassigned | |
| Stonking | Confirmed | Undecided | Unassigned | |
| libnginx-mod-http-lua (Ubuntu) | Status tracked in Stonking | | | |
| Jammy | New | Undecided | Unassigned | |
| Noble | New | Undecided | Unassigned | |
| Questing | New | Undecided | Unassigned | |
| Resolute | New | Undecided | Unassigned | |
| Stonking | Confirmed | Undecided | Unassigned | |
| libnginx-mod-http-modsecurity (Ubuntu) | Status tracked in Stonking | | | |
| Jammy | New | Undecided | Unassigned | |
| Noble | New | Undecided | Unassigned | |
| Questing | New | Undecided | Unassigned | |
| Resolute | New | Undecided | Unassigned | |
| Stonking | Confirmed | Undecided | Unassigned | |
| libnginx-mod-http-uploadprogress (Ubuntu) | Status tracked in Stonking | | | |
| Jammy | New | Undecided | Unassigned | |
| Noble | New | Undecided | Unassigned | |
| Questing | New | Undecided | Unassigned | |
| Resolute | New | Undecided | Unassigned | |
| Stonking | Confirmed | Undecided | Unassigned | |
| nginx (Ubuntu) | Status tracked in Stonking | | | |
| Jammy | In Progress | Critical | Marc Deslauriers | |
| Noble | In Progress | Critical | Marc Deslauriers | |
| Questing | In Progress | Critical | Marc Deslauriers | |
| Resolute | In Progress | Critical | Marc Deslauriers | |
| Stonking | In Progress | Critical | Marc Deslauriers | |

Bug Description

Environment:

- OS: Ubuntu 24.04 LTS (noble), arm64

- nginx package: nginx 1.24.0-2ubuntu7.10

- nginx flavor: nginx-extras 1.24.0-2ubuntu7.10

- headers-more package: libnginx-mod-http-headers-more-filter 1:0.37-2build1

- Architecture: arm64

- TLS/HTTP: HTTPS with HTTP/2 enabled

Summary:

When the headers-more dynamic module is enabled and `more_set_headers "Server: TJ Server";` is configured, nginx workers crash repeatedly while serving HTTP/2 requests.

Clients see intermittent `ERR_CONNECTION_RESET`, `ERR_EMPTY_RESPONSE`, WebSocket close code `1006`, and curl may report an invalid HTTP/2 header field.

The issue disappears when the headers-more module/directive is disabled while keeping HTTP/2 enabled. Normal nginx `add_header` security headers continue to work correctly.

Relevant configuration:

```nginx
# Loads the dynamic modules, including headers-more
include /etc/nginx/modules-enabled/*.conf;

http {
    server_tokens off;
    # headers-more directive; the crashes stop when it is disabled
    more_set_headers "Server: TJ Server";

    server {
        server_name mystock.emoco.kr;
        listen 443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/mystock.emoco.kr/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mystock.emoco.kr/privkey.pem;

        # Core add_header directives keep working
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
        add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /api {
            proxy_pass http://localhost:8000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_read_timeout 86400s;
            proxy_send_timeout 86400s;
        }
    }
}
```

Actual behavior:

After enabling `more_set_headers "Server: TJ Server";` with HTTP/2, nginx workers crash repeatedly.

systemd journal examples:

```
nginx[1697786]: double free or corruption (!prev)
nginx[1697785]: worker process 1697786 exited on signal 6 (core dumped)
nginx[1697785]: worker process 1697788 exited on signal 11 (core dumped)
```

curl example:

```
curl: (92) Invalid HTTP header field was received: frame type: 1, stream: 1, name: [], value: [...]
```

Browser symptoms:

```
GET /icon.svg net::ERR_CONNECTION_RESET
GET /api/... net::ERR_EMPTY_RESPONSE
WebSocket closed: 1006
```

Expected behavior:

nginx should not crash. more_set_headers should either set the Server header safely for HTTP/2 responses or reject/ignore unsupported header manipulation without corrupting HTTP/2 response headers or causing worker...
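A triage sketch for the journal symptoms quoted in the report, added here as an example and not part of the bug report or of nginx: it counts workers killed by fault signals and pairs glibc heap-abort messages with the worker that logged them. The sample lines are constructed in the shape of the reporter's excerpt; the function names and the `threshold` parameter are assumptions.

```python
import re
from collections import Counter

# Constructed sample, shaped like the journal lines quoted in the report.
SAMPLE_JOURNAL = """\
nginx[1697786]: double free or corruption (!prev)
nginx[1697785]: worker process 1697786 exited on signal 6 (core dumped)
nginx[1697785]: worker process 1697788 exited on signal 11 (core dumped)
nginx[1697785]: worker process 1697790 exited with code 0
nginx[1697785]: worker process 1697791 exited on signal 11
"""

FAULT_SIGNALS = {6: "SIGABRT", 7: "SIGBUS", 11: "SIGSEGV"}  # Linux numbering
EXIT_RE = re.compile(
    r"nginx\[(?P<master>\d+)\]: .*?worker process (?P<worker>\d+) "
    r"exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?")
# glibc heap-checker abort messages, logged under the crashing worker's PID.
HEAP_RE = re.compile(
    r"nginx\[(?P<pid>\d+)\]: (?P<msg>(?:double free or corruption|free\(\): |"
    r"malloc\(\): |munmap_chunk\(\): |corrupted ).*)")

def parse_crashes(text):
    """Return one record per worker killed by a signal (clean exits are skipped)."""
    heap_msgs, crashes = {}, []
    for line in text.splitlines():
        if m := HEAP_RE.search(line):
            heap_msgs[m["pid"]] = m["msg"]
        elif m := EXIT_RE.search(line):
            crashes.append({
                "worker": int(m["worker"]),
                "signal": FAULT_SIGNALS.get(int(m["sig"]), "signal " + m["sig"]),
                "core_dumped": m["core"] is not None,
                "heap_error": heap_msgs.pop(m["worker"], None),
            })
    return crashes

def triage(text, threshold=2):
    """Flag a crash loop consistent with memory corruption in a worker."""
    crashes = parse_crashes(text)
    faults = Counter(c["signal"] for c in crashes if c["signal"] in FAULT_SIGNALS.values())
    return {
        "crashes": len(crashes),
        "by_signal": dict(faults),
        "heap_errors": [c["heap_error"] for c in crashes if c["heap_error"]],
        "suspect_memory_corruption": sum(faults.values()) >= threshold,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_JOURNAL))
```

On a live host the input would be the nginx unit's journal text rather than the embedded sample.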
