[ALSA-2019:2799] Important: nginx:1.14 security update
Type:
security
Severity:
important
Release date:
2019-09-17
Description:
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fix(es): * HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages:
  • nginx-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm
  • nginx-all-modules-1.14.1-9.module_el8.3.0+2165+af250afe.alma.noarch.rpm
  • nginx-filesystem-1.14.1-9.module_el8.3.0+2165+af250afe.alma.noarch.rpm
  • nginx-mod-http-image-filter-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm
  • nginx-mod-http-perl-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm
  • nginx-mod-http-xslt-filter-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm
  • nginx-mod-mail-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm
  • nginx-mod-stream-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.