
[SECURITY] [DLA 1572-1] nginx security update



Package        : nginx
Version        : 1.6.2-5+deb8u6
CVE ID         : CVE-2018-16845
Debian Bug     : #913090

It was discovered that there was a denial of service (DoS) vulnerability
in the nginx web/proxy server.

As there was no validation for the size of a 64-bit atom in an MP4 file,
this could have led to a CPU hog when the size was 0, or various other
problems due to integer underflow when calculating the atom data size,
including segmentation faults or even worker-process memory disclosure.

For Debian 8 "Jessie", this issue has been fixed in nginx version
1.6.2-5+deb8u6.

We recommend that you upgrade your nginx packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
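
The missing check described in the advisory, shown as an added example that is not part of the original advisory and is not nginx's code: an MP4 atom header parser that rejects a size smaller than the header itself before computing the data length. The function names, error codes and sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { ATOM_OK = 0, ATOM_TRUNCATED = -1, ATOM_BAD_SIZE = -2 };
/* Constructed samples (not real files): 32-bit size, type, optional 64-bit size. */
static const uint8_t ok_atom[] = {0,0,0,12, 'f','r','e','e', 1,2,3,4};
static const uint8_t zero64[]  = {0,0,0,1, 'm','d','a','t', 0,0,0,0,0,0,0,0};
static const uint8_t small64[] = {0,0,0,1, 'm','d','a','t', 0,0,0,0,0,0,0,9};

static uint64_t be(const uint8_t *p, int n) {   /* big-endian read */
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Parse one atom header from buf[0..avail); report header and data length. */
int atom_header(const uint8_t *buf, size_t avail, uint64_t *hdr, uint64_t *data) {
    if (avail < 8) return ATOM_TRUNCATED;
    uint64_t size = be(buf, 4);
    *hdr = 8;
    if (size == 1) {                  /* 64-bit size follows the type field */
        if (avail < 16) return ATOM_TRUNCATED;
        size = be(buf + 8, 8);
        *hdr = 16;
    } else if (size == 0) size = avail;   /* 32-bit 0: atom runs to end of input */
    /* Without this check, size - hdr wraps around when size < hdr, and a
     * 64-bit size of 0 never advances the walk in count_atoms(). */
    if (size < *hdr) return ATOM_BAD_SIZE;
    if (size > avail) return ATOM_TRUNCATED;
    *data = size - *hdr;
    return ATOM_OK;
}

/* Walk top-level atoms; returns their count or a negative ATOM_* error. */
int count_atoms(const uint8_t *buf, size_t len) {
    int n = 0;
    for (size_t off = 0; off < len; n++) {
        uint64_t hdr, data;
        int rc = atom_header(buf + off, len - off, &hdr, &data);
        if (rc != ATOM_OK) return rc;
        off += (size_t)(hdr + data);  /* at least 8, so the loop terminates */
    }
    return n;
}

int main(void) {
    printf("ok=%d zero64=%d small64=%d\n", count_atoms(ok_atom, sizeof ok_atom),
           count_atoms(zero64, sizeof zero64), count_atoms(small64, sizeof small64));
}
```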


