Advisories » MGASA-2018-0459

Updated nginx package fixes security vulnerabilities

Publication date: 17 Nov 2018
Modification date: 17 Nov 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845

Description

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the
implementation of HTTP/2 that can allow for excessive memory consumption
(CVE-2018-16843).

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the
implementation of HTTP/2 that can allow for excessive CPU usage
(CVE-2018-16844).

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the
ngx_http_mp4_module, which might allow an attacker to cause an infinite
loop in a worker process, cause a worker process crash, or might result
in worker process memory disclosure by using a specially crafted mp4
file (CVE-2018-16845).
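
A triage check for the three issues above, added here as an example and not part of the Mageia advisory or of nginx itself. It assumes the upstream version string from `nginx -V` is meaningful for the build under test, and that the HTTP/2 and mp4 code paths are reachable only when the module is compiled in and enabled with `listen ... http2` or `mp4;`. The function names and sample input are constructed for illustration.

```python
import re

FIXED_STABLE = (1, 14, 1)    # fixed releases named in the advisory
FIXED_MAINLINE = (1, 15, 6)

def parse_version(nginx_v_output):
    """Extract (major, minor, patch) from `nginx -V` output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", nginx_v_output)
    if not m:
        raise ValueError("no nginx version string found")
    return tuple(int(x) for x in m.groups())

def version_affected(v):
    """True if v predates the fixed release on its branch."""
    if v[:2] == FIXED_MAINLINE[:2]:
        return v < FIXED_MAINLINE
    return v < FIXED_STABLE

def exposed_cves(nginx_v_output, conf_text):
    """CVEs from this advisory that the build and config actually expose."""
    if not version_affected(parse_version(nginx_v_output)):
        return []
    # Drop comments (simplification: ignores '#' inside quoted strings).
    conf = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    cves = []
    # Assumption: HTTP/2 code is reachable only with a `listen ... http2` socket.
    if ("--with-http_v2_module" in nginx_v_output
            and re.search(r"\blisten\b[^;]*\bhttp2\b", conf)):
        cves += ["CVE-2018-16843", "CVE-2018-16844"]
    # Assumption: the mp4 parser is reachable only where `mp4;` is set.
    if ("--with-http_mp4_module" in nginx_v_output
            and re.search(r"(^|[{;\s])mp4\s*;", conf)):
        cves.append("CVE-2018-16845")
    return cves

# Constructed sample input, not taken from a real host.
SAMPLE_V = ("nginx version: nginx/1.14.0\n"
            "configure arguments: --with-http_ssl_module "
            "--with-http_v2_module --with-http_mp4_module\n")
SAMPLE_CONF = """
server {
    listen 443 ssl http2;   # HTTP/2 enabled
    # listen 8443 http2;
    location /video/ { mp4; mp4_buffer_size 1m; }
}
"""

if __name__ == "__main__":
    print(exposed_cves(SAMPLE_V, SAMPLE_CONF))
```

`nginx -V` writes to stderr, so capture it with `2>&1` before passing it in. A distribution package may carry the fix under a different version string, so the package manager's update status takes precedence over this check.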
                

References

SRPMS

6/core