[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2283-1] nginx security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2283-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                     
July 20, 2020                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : nginx
Version        : 1.10.3-1+deb9u5
CVE ID         : CVE-2020-11724
Debian Bug     : 964950

An HTTP request smuggling issue was discovered in the ngx_lua plugin
for nginx, a high-performance web and reverse proxy server, as
demonstrated by the ngx.location.capture API.

For Debian 9 stretch, this problem has been fixed in version
1.10.3-1+deb9u5.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nginx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl8VmHsACgkQj/HLbo2J
BZ+sLwf8DU7DKoekm58xtNZN/Fv2UgTemBii/ZDVrFU7bF47m76CzScGGUaQ98NN
GJv5m5DBiRQjHKXHwUMPw8K21FtV4tPsNs0K/Z7G3gtfkIFRwf/LruR4cJv0BVGb
Y9+8wuyj2AjjsHmvoYaM+SwZx7y7fS24cnAjhLeuzk7YOszR57FsHkt7vBd1+36M
hpticauGXQgUKQ0G6DfH7RH9CG2BX/ScU/YFOeSM+FsrFaz1BDeaB8Nv5l5fIjcQ
0KeSzuOAt/czM9W6D60vTcd0y7/SDwkWYly8yGZWJvCEuVr744Ij3b76Xsu64V0B
5RsAX4B+jN22NVFecudQTDrMx2C3mA==
=CM8W
-----END PGP SIGNATURE-----
Reply to: