Nginx version 1.20.0 suffers from a denial of service vulnerability.
d5e69479a9c5a46d1cf68eb6f70e5c392f4e2292c4ebd20a8e40b7422c4f6f23Red Hat Security Advisory 2022-0323-02 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
4f03d3e49396720f7d02b33aa62543a41ba6d85be14ea7d9fefcdfa52b68570fRed Hat Security Advisory 2021-4618-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, and path sanitization vulnerabilities.
14809d9261f291a519a153713fcca44c926124a2a48c8d989887911783dba47fRed Hat Security Advisory 2021-3925-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and provide security updates. Issues addressed include denial of service, information leakage, integer overflow, and out of bounds read vulnerabilities.
fd1035fefbb8b3d06fa3e4a659771a25d330eb9fd90f1ff55f4f16a1d0ab3d2cRed Hat Security Advisory 2021-3873-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide bug fixes and security fixes. Issues addressed include bypass, denial of service, integer overflow, and out of bounds read vulnerabilities.
b4c1512c3c02a0773b56b0befe34c43efa0dbab79ff54109600f1815b01d985eRed Hat Security Advisory 2021-3653-01 - Red Hat Advanced Cluster Management 2.1.11 security fix and container updates are available.
15f863255ce01b9af4125b6f699165597020889114335a232c7f75076dc7e35cRed Hat Security Advisory 2021-2290-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
1651d0dd6c4d8e6407c692a21c98162f056535fdccc533aa9812afe1ddf2044fRed Hat Security Advisory 2021-2278-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
0b6bda0bb5955a9bd2d171a0806989f7c74f4ffd35606ccdefe019cda34eb38cRed Hat Security Advisory 2021-2259-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
5ff90ade67bcdf00bb5c71748bc55906a7adddb89744b77059d1349f442d43f3Red Hat Security Advisory 2021-2258-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
07bb2c98530ba79d1573f2b391d4116590031c337af730da7f8910dced50d8feDebian Linux Security Advisory 4921-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
09f330ad84d8d271d1fb4c1e34cc1a82845cc410ad88e9e1ad526b84cb5e3cecUbuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.
20572af334a8f1e1ee046ba9e037e28de9c8585c3e1753cd1216bebc3019b5beAn off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.
3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.
0f814519864a2c1f00e089303aebba070126d095871ca25d8c1a1514b228d000
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed