Description
ELSA-2020-5862: olcne nginx security update (IMPORTANT)
olcne [1.0.8-2]
- Added nginx-image resource in module definitions to ensure nginx image upgrading
[1.0.8-1]
- support upgrading nginx
- Address CVE-2019-9511
- Address CVE-2018-16845
- Address CVE-2017-7529
- support upgrading flannel
nginx [1.17.7-2]
- Changed nginx home dir to /var/lib/nginx for consistency
[1.17.7-1]
- Added Oracle Specific Build Files for nginx
- Address CVE-2019-9511
- Address CVE-2018-16845
- Address CVE-2017-7529
Updated packages
Oracle Linux 7
Oracle Linux x86_64
nginx                        1.17.7-2.el7
nginx-all-modules            1.17.7-2.el7
nginx-filesystem             1.17.7-2.el7
nginx-mod-http-image-filter  1.17.7-2.el7
nginx-mod-http-perl          1.17.7-2.el7
nginx-mod-http-xslt-filter   1.17.7-2.el7
nginx-mod-mail               1.17.7-2.el7
nginx-mod-stream             1.17.7-2.el7
olcne-agent                  1.0.8-2.el7
olcne-api-server             1.0.8-2.el7
olcne-nginx                  1.0.8-2.el7
olcne-utils                  1.0.8-2.el7
olcnectl                     1.0.8-2.el7
Related CVEs
Related vulnerabilities
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.