USN-4099-1: nginx vulnerabilities
15 August 2019
nginx could be made to crash if it received specially crafted network traffic.
Releases
Packages
- nginx - small, powerful, scalable web/proxy server
Details
Jonathan Looney discovered that nginx incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to consume
resources, leading to a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04
-
nginx-common
-
1.15.9-0ubuntu1.1
-
nginx-core
-
1.15.9-0ubuntu1.1
-
nginx-extras
-
1.15.9-0ubuntu1.1
-
nginx-full
-
1.15.9-0ubuntu1.1
-
nginx-light
-
1.15.9-0ubuntu1.1
Ubuntu 18.04
-
nginx-common
-
1.14.0-0ubuntu1.4
-
nginx-core
-
1.14.0-0ubuntu1.4
-
nginx-extras
-
1.14.0-0ubuntu1.4
-
nginx-full
-
1.14.0-0ubuntu1.4
-
nginx-light
-
1.14.0-0ubuntu1.4
Ubuntu 16.04
-
nginx-common
-
1.10.3-0ubuntu0.16.04.4
-
nginx-core
-
1.10.3-0ubuntu0.16.04.4
-
nginx-extras
-
1.10.3-0ubuntu0.16.04.4
-
nginx-full
-
1.10.3-0ubuntu0.16.04.4
-
nginx-light
-
1.10.3-0ubuntu0.16.04.4
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6754-1: libnghttp2-14, nghttp2-server, nghttp2-client, libnghttp2-doc, nghttp2, libnghttp2-dev, nghttp2-proxy