Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:0323

Опубликовано: 31 янв. 2022
Источник: rocky
Оценка: Important

Описание

Important: nginx:1.20 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

The following packages have been upgraded to a later upstream version: nginx (1.20.1). (BZ#2031030)

Security Fix(es):

  • nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
nginxx86_641.module+el8.6.0+791+48a2bb9dnginx-1.20.1-1.module+el8.6.0+791+48a2bb9d.x86_64.rpm
nginx-all-modulesnoarch1.module+el8.6.0+791+48a2bb9dnginx-all-modules-1.20.1-1.module+el8.6.0+791+48a2bb9d.noarch.rpm
nginx-filesystemnoarch1.module+el8.6.0+791+48a2bb9dnginx-filesystem-1.20.1-1.module+el8.6.0+791+48a2bb9d.noarch.rpm
nginx-mod-http-image-filterx86_641.module+el8.6.0+791+48a2bb9dnginx-mod-http-image-filter-1.20.1-1.module+el8.6.0+791+48a2bb9d.x86_64.rpm
nginx-mod-http-perlx86_641.module+el8.6.0+791+48a2bb9dnginx-mod-http-perl-1.20.1-1.module+el8.6.0+791+48a2bb9d.x86_64.rpm
nginx-mod-http-xslt-filterx86_641.module+el8.6.0+791+48a2bb9dnginx-mod-http-xslt-filter-1.20.1-1.module+el8.6.0+791+48a2bb9d.x86_64.rpm
nginx-mod-mailx86_641.module+el8.6.0+791+48a2bb9dnginx-mod-mail-1.20.1-1.module+el8.6.0+791+48a2bb9d.x86_64.rpm
nginx-mod-streamx86_641.module+el8.6.0+791+48a2bb9dnginx-mod-stream-1.20.1-1.module+el8.6.0+791+48a2bb9d.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-23017

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-23017

CVSS3: 7.7
ubuntu
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

redhat логотип

CVE-2021-23017

CVSS3: 8.1
redhat
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

nvd логотип

CVE-2021-23017

CVSS3: 7.7
nvd
около 4 лет назад

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

msrc логотип

CVE-2021-23017

CVSS3: 7.7
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2021-23017

CVSS3: 7.7
debian
около 4 лет назад

A security issue in nginx resolver was identified, which might allow a ...