[SECURITY] [DLA 2670-1] nginx security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2670-1] nginx security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sun, 30 May 2021 18:26:20 +0530
Message-id: <[🔎] CAPP0f95yp99mQBwhHs31BXZ_N15sC3SDWH0zOCwjtPK_6A8uhQ@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2670-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
May 30, 2021                                https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : nginx
Version        : 1.10.3-1+deb9u6
CVE ID         : CVE-2021-23017
Debian Bug     : 989095

Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one
in Nginx, a high-performance web and reverse proxy server, which could
result in denial of service and potentially the execution of arbitrary
code.

For Debian 9 stretch, this problem has been fixed in version
1.10.3-1+deb9u6.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nginx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmCzi0AACgkQgj6WdgbD
S5Zw8xAAyEgo1VF9XUWja9OsK/uflQJZf7JUybpE5mWOp/lZBUhQcr/nbnAxuBbC
Se4KVyZbtc5rnizA5ju6xQ6LKrtL9sL7ZRnLt9k3FcG7fKly/ilJgKSRCt58x+s+
nH1eLQzvGWa+dIooUwolOhwo5CEinkQR38yO90n9vCK7m+M1PgeM1SBSgFZxD2dR
Md6zL40EGcms8jRboQQ+VYDdP3nqqhAnnq0oasbCiR+DAWQwhPzVjz322WGz4QMF
zYHBeo1dUTAouWV24lwn/iwtkjjTbOlkvWB0x8/lw1yybK6sVpW5rATaSxgRZUoB
IqeFF6rr5V9wd3Q5sccgyFi8KjKWL0axNAkCNIESf9z4CGlkR8SyVVjBoBPdmkYY
NaCn73KssglctFgF+rr622GlzTsIVBmJ09yyafjBz3JsHBmu5vgPYrLy67buk7/K
szpt+skHCVvN3Y6zdmC5xmpHjbdTVWSffA1HBzLUwciNM2T0d7dxEqdarG2NhJc0
5EBfRTS+NNtijNGKT90bmvq/iVzgo3QjXC6Y2MzLYIHSmrVJM/40s9JgccjLCvLv
SNmXpIVBoQYKLhnVgk0BciK98BSpoNKje//B3skS7QzpM7uccNfPrvVInaHwn9LY
24ALisHsV8WrSUhDaXfqLcyPEm2qxTbWaXFZ1X+qEPB0hwnUHmU=
=gnyZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2669-1] libxml2 security update
Next by Date: [SECURITY] [DLA 2671-1] rxvt-unicode security update
Previous by thread: [SECURITY] [DLA 2669-1] libxml2 security update
Next by thread: [SECURITY] [DLA 2671-1] rxvt-unicode security update
Index(es):
- Date
- Thread