File _patchinfo of Package patchinfo.12404
<patchinfo incident="12404">
<issue tracker="bnc" id="1115015">VUL-0: CVE-2018-16845: nginx,nginx-1.0: Denial of service and memory disclosure via mp4 module</issue>
<issue tracker="bnc" id="1115022">VUL-0: CVE-2018-16843: nginx,nginx-1.0: Excessive memory consumption in HTTP/2 implementation</issue>
<issue tracker="bnc" id="1115025">VUL-0: CVE-2018-16844: nginx,nginx-1.0: Excessive CPU usage via flaw in HTTP/2 implementation</issue>
<issue tracker="bnc" id="1145582">VUL-0: CVE-2019-9516: nginx: HTTP/2 implementation is vulnerable to a header leak, potentially leading to a denial of service</issue>
<issue tracker="bnc" id="1145580">VUL-0: CVE-2019-9513: nginx: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.</issue>
<issue tracker="bnc" id="1145579">VUL-0: CVE-2019-9511: nginx: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service</issue>
<issue tracker="cve" id="2018-16843"/>
<issue tracker="cve" id="2018-16845"/>
<issue tracker="cve" id="2018-16844"/>
<issue tracker="cve" id="2019-9516"/>
<issue tracker="cve" id="2019-9511"/>
<issue tracker="cve" id="2019-9513"/>
<category>security</category>
<rating>important</rating>
<packager>rfrohl</packager>
<description>This update for nginx fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).
- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).
- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).
- CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).
- CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).
- CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).
</description>
<summary>Security update for nginx</summary>
</patchinfo>