Security update for nginx
This update for nginx fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).
- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).
- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Robert Frohl (rfrohl)
Fixed bugs
bnc#1145582
VUL-0: CVE-2019-9516: nginx: HTTP/2 implementation is vulnerable to a header leak, potentially leading to a denial of service
bnc#1145580
VUL-0: CVE-2019-9513: nginx: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.
bnc#1145579
VUL-0: CVE-2019-9511: nginx: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service
