Advisories » MGASA-2020-0231

Updated nginx packages fix security vulnerability

Publication date: 27 May 2020
Modification date: 27 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20372

Description

Nginx was updated due to the following vulnerabilities:
ngx_http_special_response.c: With a certain error_page configuration,
HTTP request smuggling is possible. Thus, an attacker may be able to
read unauthorized web pages at times when NGINX is being fronted by a
load balancer. (CVE-2019-20372).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26086
• https://usn.ubuntu.com/4235-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372

SRPMS

7/core

• nginx-1.16.1-1.2.mga7