openSUSE-SU-2021:0835-1

Опубликовано: 03 июн. 2021

Источник: suse-cvrf

Описание

Security update for nginx

This update for nginx fixes the following issues:

CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.2

nginx-1.16.1-lp152.2.3.1

nginx-source-1.16.1-lp152.2.3.1

vim-plugin-nginx-1.16.1-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MGLK2LDX6LXOTDRBNVVWP2BFD3ISKDXF/
E-Mail link for openSUSE-SU-2021:0835-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1186126
SUSE Bug 1186126
https://www.suse.com/security/cve/CVE-2021-23017/
SUSE CVE CVE-2021-23017 page

Описание

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Затронутые продукты

openSUSE Leap 15.2:nginx-1.16.1-lp152.2.3.1

openSUSE Leap 15.2:nginx-source-1.16.1-lp152.2.3.1

openSUSE Leap 15.2:vim-plugin-nginx-1.16.1-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-23017.html
CVE-2021-23017
https://bugzilla.suse.com/1186126
SUSE Bug 1186126

openSUSE-SU-2021:0835-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-23017

Описание

Затронутые продукты

Ссылки