Описание
ELSA-2020-5495: nginx:1.16 security update (MODERATE)
[1:1.16.1-1.0.1.1]
- Remove Red Hat references [Orabug: 29498217]
[1:1.16.1-1.1]
- Resolves: #1898952 - CVE 2019-20372 nginx:1.16/nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module nginx:1.16 is enabled
nginx
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-all-modules
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-filesystem
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-http-image-filter
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-http-perl
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-http-xslt-filter
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-mail
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-stream
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
Oracle Linux x86_64
Module nginx:1.16 is enabled
nginx
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-all-modules
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-filesystem
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-http-image-filter
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-http-perl
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-http-xslt-filter
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-mail
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
nginx-mod-stream
1.16.1-1.0.1.module+el8.3.0+7892+37ea59a5.1
Связанные CVE
Связанные уязвимости
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
NGINX before 1.17.7, with certain error_page configurations, allows HT ...