MGASA-2018-0459

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0459.html

Import Source

https://advisories.mageia.org/MGASA-2018-0459.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0459

Related

Published

2018-11-17T22:23:26Z

Modified

2018-11-17T21:59:04Z

Summary

Updated nginx package fixes security vulnerabilities

Details

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption (CVE-2018-16843).

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage (CVE-2018-16844).

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / nginx

Package

Name: nginx
Purl: pkg:rpm/mageia/nginx?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.3-1.2.mga6

Ecosystem specific

{
    "section": "core"
}