Overview

File _patchinfo of Package patchinfo.12404

<patchinfo incident="12404">
  <issue tracker="bnc" id="1115015">VUL-0: CVE-2018-16845: nginx,nginx-1.0: Denial of service and memory disclosure via mp4 module</issue>
  <issue tracker="bnc" id="1115022">VUL-0: CVE-2018-16843: nginx,nginx-1.0: Excessive memory consumption in HTTP/2 implementation</issue>
  <issue tracker="bnc" id="1115025">VUL-0: CVE-2018-16844: nginx,nginx-1.0: Excessive CPU usage via flaw in HTTP/2 implementation</issue>
  <issue tracker="bnc" id="1145582">VUL-0: CVE-2019-9516: nginx: HTTP/2 implementation is vulnerable to a header leak, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1145580">VUL-0: CVE-2019-9513: nginx: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.</issue>
  <issue tracker="bnc" id="1145579">VUL-0: CVE-2019-9511: nginx: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service</issue>
  <issue tracker="cve" id="2018-16843"/>
  <issue tracker="cve" id="2018-16845"/>
  <issue tracker="cve" id="2018-16844"/>
  <issue tracker="cve" id="2019-9516"/>
  <issue tracker="cve" id="2019-9511"/>
  <issue tracker="cve" id="2019-9513"/>
  <category>security</category>
  <rating>important</rating>
  <packager>rfrohl</packager>
  <description>This update for nginx fixes the following issues:

Security issues fixed:

- CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).
- CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).
- CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).
- CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).
- CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).
- CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).
</description>
  <summary>Security update for nginx</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places