Security update for nginx
This update for nginx fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).
- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).
- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).
- CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).
- CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).
- CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
-
Submitted by
Robert Frohl (rfrohl)
Fixed bugs
bnc#1115015
VUL-0: CVE-2018-16845: nginx,nginx-1.0: Denial of service and memory disclosure via mp4 module
bnc#1115022
VUL-0: CVE-2018-16843: nginx,nginx-1.0: Excessive memory consumption in HTTP/2 implementation
bnc#1115025
VUL-0: CVE-2018-16844: nginx,nginx-1.0: Excessive CPU usage via flaw in HTTP/2 implementation
bnc#1145582
VUL-0: CVE-2019-9516: nginx: HTTP/2 implementation is vulnerable to a header leak, potentially leading to a denial of service
bnc#1145580
VUL-0: CVE-2019-9513: nginx: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.
bnc#1145579
VUL-0: CVE-2019-9511: nginx: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service
