nginx-mainline

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Lightweight HTTP server and IMAP/POP3 proxy server, mainline release
Version 1.17.3-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1022 1.17.2-1 1.17.3-1 Medium Fixed
AVG-346 1.13.2-1 1.13.3-1 High Fixed
AVG-139 1.11.8-1 1.11.8-2 High Fixed FS#52547
Issue Group Severity Remote Type Description
CVE-2019-9516 AVG-1022 Medium Yes Denial of service
An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header...
CVE-2019-9513 AVG-1022 Medium Yes Denial of service
An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the...
CVE-2019-9511 AVG-1022 Medium Yes Denial of service
An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple...
CVE-2017-7529 AVG-346 High Yes Information disclosure
A security issue was identified in the range filter module of nginx < 1.13.3. A specially crafted request might result in an integer overflow and incorrect...
CVE-2016-1247 AVG-139 High No Privilege escalation
A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append...

Advisories

Date Advisory Group Severity Description
16 Aug 2019 ASA-201908-12 AVG-1022 Medium denial of service
12 Jul 2017 ASA-201707-12 AVG-346 High information disclosure
15 Jan 2017 ASA-201701-24 AVG-139 High privilege escalation