var-201811-0988
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. An attacker can exploit this vulnerability to consume a large amount of memory space.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3812-1 November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: nginx-common 1.15.5-0ubuntu2.1 nginx-core 1.15.5-0ubuntu2.1 nginx-extras 1.15.5-0ubuntu2.1 nginx-full 1.15.5-0ubuntu2.1 nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.2 nginx-core 1.14.0-0ubuntu1.2 nginx-extras 1.14.0-0ubuntu1.2 nginx-full 1.14.0-0ubuntu1.2 nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.3 nginx-core 1.10.3-0ubuntu0.16.04.3 nginx-extras 1.10.3-0ubuntu0.16.04.3 nginx-full 1.10.3-0ubuntu0.16.04.3 nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.9 nginx-core 1.4.6-1ubuntu3.9 nginx-extras 1.4.6-1ubuntu3.9 nginx-full 1.4.6-1ubuntu3.9 nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2018:3653-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3653 Issue date: 2018-11-26 CVE Names: CVE-2018-16843 CVE-2018-16845 =====================================================================
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.1.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843 https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/vmotzjgjWX9erEAQgLFQ//c0AzsoAslgezACNt/7IQuf7IJy0o3ZJS RivGOSPey3gjDQDioSB5LYv5W89fmX5lQ8NsSmx/K+soAPpsz2OmwkFrJ3Mu9D/U DvE5WxP0TQcJOizA9k6huKhwtLYLmkMrnRmZUIJ/E6BiLVZbAP8/1CnoryK+JBum Ml1oFeOZUgwz2x0pvBPVPqGsRBFK3cE1SRxnSHgvwchMxYKSTwrHMARYFUavOrmZ VVRbL8xIiCPCEl7/OPKO3QD4M2vXhMHRwaquZJS/A6+Vls53qGAjJ9q3iLE+sEl5 Lb3B3AkbOtURmmoKOb8wdWlo9YRHckG+4mLXonNCIUteSZDWukns8gKti+AcSyOs gZ4e+IXDahfnP1+Lg9StFthKexpGGwp/ASBi0OZ8ZmyA6IVQzGyXW7nADlrdolKj 9q2zXQMPVFEtYu7tvDb/eJZq+ch/fkjIywps6+lQKRTkRSkT7SzUuopRj4z0eWt7 hy7/WXdf9+55sR6VM2XTQi5Oj4xjJkzmrFuYc2tG9oLSc2M+11ouuY/DgaMGnilE HVFQ5L9OjV7fV3yPbxFIA2avu4BuCR2xwggQ0fNihAtcqmCiYSESfIsCvHcM+V4P AQIcEgyuW0KOPH7ygRcBFbniri+sYRAk96jRpZtccmCjw45DUZcFdeHWJheWcZNc chCvd465nBo= =EyM5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0988", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "18.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "18.10" }, { "model": "nginx", "scope": "gt", "trust": 1.0, "vendor": "f5", "version": "1.15.0" }, { "model": "xcode", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.15.6" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "nginx", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "1.14.1" }, { "model": "nginx", "scope": "gt", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.14.1" }, { "model": "nginx", "scope": "lt", "trust": 0.8, "vendor": "igor sysoev", "version": "1.15.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.15.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.13.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.18" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.17" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.6.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.5.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.4.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.3.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.2.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.6" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.5" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.4" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.3" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.2" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.19" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.16" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.11" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.10" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.1" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.1.0" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.9" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.8" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.7" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.15" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.14" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.13" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.12" }, { "model": "nginx", "scope": "eq", "trust": 0.3, "vendor": "nginx", "version": "1.0.10" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.15.6" }, { "model": "nginx", "scope": "ne", "trust": 0.3, "vendor": "nginx", "version": "1.14.1" } ], "sources": [ { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.1", "versionStartExcluding": "1.9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.6", "versionStartExcluding": "1.15.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-16843" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)", "sources": [ { "db": "BID", "id": "105868" } ], "trust": 0.3 }, "cve": "CVE-2018-16843", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16843", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-127243", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "secalert@redhat.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-16843", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-16843", "trust": 1.8, "value": "HIGH" }, { "author": "secalert@redhat.com", "id": "CVE-2018-16843", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-131", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-127243", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-16843", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the \u0027http2\u0027 option of the \u0027listen\u0027 directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. An attacker can exploit this vulnerability to consume a large amount of memory space. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2018:3653-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3653\nIssue date: 2018-11-26\nCVE Names: CVE-2018-16843 CVE-2018-16845 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/vmotzjgjWX9erEAQgLFQ//c0AzsoAslgezACNt/7IQuf7IJy0o3ZJS\nRivGOSPey3gjDQDioSB5LYv5W89fmX5lQ8NsSmx/K+soAPpsz2OmwkFrJ3Mu9D/U\nDvE5WxP0TQcJOizA9k6huKhwtLYLmkMrnRmZUIJ/E6BiLVZbAP8/1CnoryK+JBum\nMl1oFeOZUgwz2x0pvBPVPqGsRBFK3cE1SRxnSHgvwchMxYKSTwrHMARYFUavOrmZ\nVVRbL8xIiCPCEl7/OPKO3QD4M2vXhMHRwaquZJS/A6+Vls53qGAjJ9q3iLE+sEl5\nLb3B3AkbOtURmmoKOb8wdWlo9YRHckG+4mLXonNCIUteSZDWukns8gKti+AcSyOs\ngZ4e+IXDahfnP1+Lg9StFthKexpGGwp/ASBi0OZ8ZmyA6IVQzGyXW7nADlrdolKj\n9q2zXQMPVFEtYu7tvDb/eJZq+ch/fkjIywps6+lQKRTkRSkT7SzUuopRj4z0eWt7\nhy7/WXdf9+55sR6VM2XTQi5Oj4xjJkzmrFuYc2tG9oLSc2M+11ouuY/DgaMGnilE\nHVFQ5L9OjV7fV3yPbxFIA2avu4BuCR2xwggQ0fNihAtcqmCiYSESfIsCvHcM+V4P\nAQIcEgyuW0KOPH7ygRcBFbniri+sYRAk96jRpZtccmCjw45DUZcFdeHWJheWcZNc\nchCvd465nBo=\n=EyM5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", "sources": [ { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "BID", "id": "105868" }, { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16843", "trust": 3.5 }, { "db": "BID", "id": "105868", "trust": 2.0 }, { "db": "SECTRACK", "id": "1042038", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2018-011775", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-131", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164240", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3384", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3157", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0464", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0451", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042571", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150214", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150458", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150480", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150481", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150253", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-127243", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-16843", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "id": "VAR-201811-0988", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-127243" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:40:26.729000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4335", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "title": "USN-3812-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3812-1/" }, { "title": "CVE-2018-16843, CVE-2018-16844", "trust": 0.8, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "title": "nginx Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=86634" }, { "title": "Red Hat: Important: rh-nginx110-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183653 - security advisory" }, { "title": "Red Hat: Important: rh-nginx114-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183681 - security advisory" }, { "title": "Red Hat: Important: rh-nginx112-nginx security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183680 - security advisory" }, { "title": "Ubuntu Security Notice: nginx vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3812-1" }, { "title": "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f21dcb5d073b4fb671c738fa256c2347" }, { "title": "Red Hat: CVE-2018-16843", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16843" }, { "title": "Amazon Linux AMI: ALAS-2018-1125", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1125" }, { "title": "anitazhaochen.github.io", "trust": 0.1, "url": "https://github.com/anitazhaochen/anitazhaochen.github.io " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "NVD", "id": "CVE-2018-16843" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843" }, { "trust": 2.0, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "trust": 2.0, "url": "https://usn.ubuntu.com/3812-1/" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3653" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3680" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3681" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105868" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht212818" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4335" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2021/sep/36" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1042038" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16843" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16843" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16843" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2018-16845" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16845" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1489143" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0464/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3384/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75522" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10960610" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht212818" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3157" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042571" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-shares-application-is-affected-by-nginx-vulnerabilities-cve-2018-16845-cve-2018-16843-cve-2019-7401/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-16844" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16844" }, { "trust": 0.3, "url": "http://nginx.org/" }, { "trust": 0.3, "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/nginx" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3812-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0747" }, { "trust": 0.1, "url": "https://support.apple.com/ht212818." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0742" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7529" } ], "sources": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-127243" }, { "db": "VULMON", "id": "CVE-2018-16843" }, { "db": "BID", "id": "105868" }, { "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "db": "PACKETSTORM", "id": "150253" }, { "db": "PACKETSTORM", "id": "150214" }, { "db": "PACKETSTORM", "id": "150480" }, { "db": "PACKETSTORM", "id": "150481" }, { "db": "PACKETSTORM", "id": "150458" }, { "db": "PACKETSTORM", "id": "164240" }, { "db": "NVD", "id": "CVE-2018-16843" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-07T00:00:00", "db": "VULHUB", "id": "VHN-127243" }, { "date": "2018-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-16843" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "date": "2018-11-12T16:57:53", "db": "PACKETSTORM", "id": "150253" }, { "date": "2018-11-07T17:35:27", "db": "PACKETSTORM", "id": "150214" }, { "date": "2018-11-27T17:24:35", "db": "PACKETSTORM", "id": "150480" }, { "date": "2018-11-27T17:24:48", "db": "PACKETSTORM", "id": "150481" }, { "date": "2018-11-26T10:02:22", "db": "PACKETSTORM", "id": "150458" }, { "date": "2021-09-22T16:28:58", "db": "PACKETSTORM", "id": "164240" }, { "date": "2018-11-07T14:29:00.777000", "db": "NVD", "id": "CVE-2018-16843" }, { "date": "2018-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-10T00:00:00", "db": "VULHUB", "id": "VHN-127243" }, { "date": "2022-02-22T00:00:00", "db": "VULMON", "id": "CVE-2018-16843" }, { "date": "2018-11-06T00:00:00", "db": "BID", "id": "105868" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011775" }, { "date": "2022-02-22T19:27:12.350000", "db": "NVD", "id": "CVE-2018-16843" }, { "date": "2023-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-131" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "150214" }, { "db": "CNNVD", "id": "CNNVD-201811-131" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "nginx Vulnerable to resource exhaustion", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011775" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-131" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.