ALSA-2019:2799

[ALSA-2019:2799] Important: nginx:1.14 security update

Type:

security

Severity:

important

Release date:

2019-09-17

Description:

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. 

Security Fix(es):

* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nginx-mod-mail-1.14.1-9.module_el8.4.0+2221+af250afe.alma.aarch64.rpm	10d4cdc902273c6acb526ad9ca36baccfac89ff0fac08eff05c478cb773ac927
aarch64	nginx-mod-http-perl-1.14.1-9.module_el8.4.0+2221+af250afe.alma.aarch64.rpm	2525abdc8aba8a4b5bb37e4af842f3b5f6365b075e930d3c15832c25aab2db00
aarch64	nginx-mod-http-xslt-filter-1.14.1-9.module_el8.4.0+2221+af250afe.alma.aarch64.rpm	4ac671d0698e5487d941dfe42c80a55e94f915852c4beacb1df1ba75b5dd1157
aarch64	nginx-mod-http-image-filter-1.14.1-9.module_el8.4.0+2221+af250afe.alma.aarch64.rpm	5283dfa99e4bc4939ef7367abb9ed3abe1ddcf7543867cf9098f02b8874f31dd
aarch64	nginx-1.14.1-9.module_el8.4.0+2221+af250afe.alma.aarch64.rpm	5d833655f7cf3b7d3de275b416bea8cafb498414d769e80cba8617a2c3f447af
aarch64	nginx-mod-stream-1.14.1-9.module_el8.4.0+2221+af250afe.alma.aarch64.rpm	6d01d567a00d2e52ee119dcebfd7489144697e817a94fd9e36e045b803e89f39
noarch	nginx-filesystem-1.14.1-9.module_el8.3.0+2165+af250afe.alma.noarch.rpm	3c71e42d0867977e81893acae24953e9f06959f0225f3ca56eb469ec1c43bf6a
noarch	nginx-all-modules-1.14.1-9.module_el8.3.0+2165+af250afe.alma.noarch.rpm	bf4ed3ce8e3bad52918018b6e5e012c14bfc21ef00f6ea019316377defcc2218
ppc64le	nginx-1.14.1-9.module_el8.5.0+34+dc1cfba5.alma.ppc64le.rpm	0201d70542bc6b4d9cf9217f0b54ae9f10707796ef30a6d925b9304cc92e7e39
ppc64le	nginx-mod-http-image-filter-1.14.1-9.module_el8.5.0+34+dc1cfba5.alma.ppc64le.rpm	595304df3a72de6e4c6e93238483296e159c9baca7134dd8c4ed328235c838f9
ppc64le	nginx-mod-http-xslt-filter-1.14.1-9.module_el8.5.0+34+dc1cfba5.alma.ppc64le.rpm	6e6ae877bcf5ab300dd29074f48361349abd2fc51f4f0a280c345b7c656c180f
ppc64le	nginx-mod-mail-1.14.1-9.module_el8.5.0+34+dc1cfba5.alma.ppc64le.rpm	942546edaca34a50d56a8174569d51a72aaa259a31e09b7c4a5146b6819b052c
ppc64le	nginx-mod-http-perl-1.14.1-9.module_el8.5.0+34+dc1cfba5.alma.ppc64le.rpm	baf4985bb52aa7868bffe77a36ded02db8758428511d2fb278971b1936fc0cc8
ppc64le	nginx-mod-stream-1.14.1-9.module_el8.5.0+34+dc1cfba5.alma.ppc64le.rpm	c053c197a551ee3be3081ead97acd46e838d74841658853034828371edae25bc
x86_64	nginx-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm	2be204cbeac539060859b798015fa6bb4fa88548cb144e8ab439b903cbfc35cb
x86_64	nginx-mod-stream-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm	526cbcbad782ccd14d7061eb5ae606b266ee09116266a433bd96f349601721f0
x86_64	nginx-mod-http-xslt-filter-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm	59d6cf9376996465a08a1b6f537c2481d58bf3ab2bb9f33978ddb647cb69d1fb
x86_64	nginx-mod-mail-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm	802375514daf270bf91de3fff83876e20c745d244063d0b76b30dab5c4370da0
x86_64	nginx-mod-http-image-filter-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm	9107bcf6f7311958171318acfbc4f25b09b8c733be46c494d4b37ce7e9f6598b
x86_64	nginx-mod-http-perl-1.14.1-9.module_el8.3.0+2165+af250afe.alma.x86_64.rpm	c70f32782b2fcc1844069bc1f769e70eccefc168f270b882efebeae9c8a1ea93

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.