Ubuntu has issued an advisory on November 7: https://usn.ubuntu.com/3812-1/
signing to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11, mrambo
Patched package uploaded for Mageia 6. Advisory: ======================== Patched nginx package fixes security vulnerabilities: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption (CVE-2018-16843). nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage (CVE-2018-16844). nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845). References: https://usn.ubuntu.com/3812-1/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845 ======================== Updated packages in core/updates_testing: ======================== nginx-1.10.3-1.2.mga6 from nginx-1.10.3-1.2.mga6.src.rpm Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=18595#c4
Keywords: (none) => has_procedureAssignee: pkg-bugs => qa-bugs
Mageia 6, x86_64 Replaced httpd.service with nginx and checked that the introductory page was presented at localhost. Updated, restarted the service and pointed the browser at localhost. Welcome page came up OK. Normal browsing is working fine, including Youtube. This looks OK for 64-bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => lewyssmithKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0459.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED