Msrc Azl3 Nghttp2 1.61.0-2 On Azure Linux 3.0 vulnerabilities

CVE-2026-27135 [HIGH] CWE-617 nghttp2 Denial of service: Assertion failure due to the missing state validation nghttp2 Denial of service: Assertion failure due to the missing state validation Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2026-1979 [MEDIUM] CWE-416 mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free Mariner: Mariner VulDB: VulDB Customer Action Required: Yes

CVE-2025-12875 [MEDIUM] CWE-787 mruby array.c ary_fill_exec out-of-bounds write mruby array.c ary_fill_exec out-of-bounds write Mariner: Mariner VulDB: VulDB Customer Action Required: Yes

CVE-2025-7207 [MEDIUM] CWE-122 mruby nregs codegen.c scope_new heap-based overflow mruby nregs codegen.c scope_new heap-based overflow FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist