Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:2290

Опубликовано: 08 июн. 2021
Источник: rocky
Оценка: Important

Описание

Important: nginx:1.16 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
nginxx86_642.module+el8.4.0+543+efbf198b.1nginx-1.16.1-2.module+el8.4.0+543+efbf198b.1.x86_64.rpm
nginx-all-modulesnoarch2.module+el8.4.0+543+efbf198b.1nginx-all-modules-1.16.1-2.module+el8.4.0+543+efbf198b.1.noarch.rpm
nginx-filesystemnoarch2.module+el8.4.0+543+efbf198b.1nginx-filesystem-1.16.1-2.module+el8.4.0+543+efbf198b.1.noarch.rpm
nginx-mod-http-image-filterx86_642.module+el8.4.0+543+efbf198b.1nginx-mod-http-image-filter-1.16.1-2.module+el8.4.0+543+efbf198b.1.x86_64.rpm
nginx-mod-http-perlx86_642.module+el8.4.0+543+efbf198b.1nginx-mod-http-perl-1.16.1-2.module+el8.4.0+543+efbf198b.1.x86_64.rpm
nginx-mod-http-xslt-filterx86_642.module+el8.4.0+543+efbf198b.1nginx-mod-http-xslt-filter-1.16.1-2.module+el8.4.0+543+efbf198b.1.x86_64.rpm
nginx-mod-mailx86_642.module+el8.4.0+543+efbf198b.1nginx-mod-mail-1.16.1-2.module+el8.4.0+543+efbf198b.1.x86_64.rpm
nginx-mod-streamx86_642.module+el8.4.0+543+efbf198b.1nginx-mod-stream-1.16.1-2.module+el8.4.0+543+efbf198b.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-23017

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-23017

CVSS3: 7.7
ubuntu
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

redhat логотип

CVE-2021-23017

CVSS3: 8.1
redhat
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

nvd логотип

CVE-2021-23017

CVSS3: 7.7
nvd
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

msrc логотип

CVE-2021-23017

CVSS3: 7.7
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-23017

CVSS3: 7.7
debian
около 4 лет назад

A security issue in nginx resolver was identified, which might allow a ...