Bug 25303 - nginx security issues CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
Summary: nginx security issues CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal; Severity: major
Target Milestone: ---
Assignee: Stig-Ørjan Smelror
QA Contact: Sec team
URL:
Whiteboard: MGA6TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-14 07:26 CEST by Stig-Ørjan Smelror
Modified: 2019-08-16 20:11 CEST

See Also:
Source RPM: nginx-1.16.0-1.mga7.src.rpm
CVE: CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
Status comment:


Description Stig-Ørjan Smelror 2019-08-14 07:26:49 CEST
Upstream has fixed 3 issues

https://nginx.org/en/CHANGES-1.16
https://nginx.org/en/CHANGES
Stig-Ørjan Smelror 2019-08-14 07:27:16 CEST

CVE: (none) => CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
Whiteboard: (none) => MGA7TOO

Comment 1 Stig-Ørjan Smelror 2019-08-14 07:36:40 CEST
Nginx updated to 1.17.3 for Cauldron

Source RPM: nginx-1.17.2-1.mga8.src.rpm => nginx-1.16.0-1.mga7.src.rpm
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 2 Stig-Ørjan Smelror 2019-08-14 07:39:45 CEST
Advisory
========

When using HTTP/2 a client might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).


References
==========
https://nginx.org/en/CHANGES-1.16


Files
=====

Uploaded to core/updates_testing

nginx-1.16.1-1.mga7

from nginx-1.16.1-1.mga7.src.rpm

Assignee: smelror => qa-bugs

Comment 3 David Walser 2019-08-16 20:10:56 CEST
Ubuntu has issued an advisory for this on August 15:
https://usn.ubuntu.com/4099-1/

Mageia 6 is also affected.

Whiteboard: (none) => MGA6TOO
Assignee: qa-bugs => smelror
CC: (none) => qa-bugs

David Walser 2019-08-16 20:11:05 CEST

Severity: normal => major

