Overview

File _patchinfo of Package patchinfo.14003

<patchinfo incident="14003">
  <issue tracker="cve" id="2019-20372"/>
  <issue tracker="jsc" id="ECO-1401"/>
  <issue tracker="jsc" id="SLE-11184"/>
  <issue tracker="jsc" id="SLE-9295"/>
  <issue tracker="bnc" id="1155690">nginx starts faster than the network and need Requires=network.target</issue>
  <issue tracker="bnc" id="1156202">nginx: GeoIP support is discontinued</issue>
  <issue tracker="bnc" id="1150711">nginx: Enable TLS 1.3</issue>
  <issue tracker="bnc" id="1160682">VUL-0: CVE-2019-20372: nginx, nginx-ingress-controller: HTTP request smuggling with certain error_page configurations</issue>
  <packager>atopt</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for nginx</summary>
  <description>This update for nginx fixes the following issues:

nginx was updated to 1.16.1 (jsc#ECO-1401)	  

- Added TLS 1.3 support (jsc#SLE-9295, bsc#1150711)
- Replaced obsolete GeoIP module with MaxMinDB-based GeoIP2
  (jsc#SLE-11184, bsc#1156202)
- Started nginx after network is online (bsc#1155690)	  
- CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page 
  configurations which could have allowed unauthorized web page reads (bsc#1160682). 	  
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places