[ALAS-2017-894] Amazon Linux AMI 2014.03 - ALAS-2017-894: low priority package update for nginx

Severity Low

Affected Packages 18

CVEs 1

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2017-7529:
A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.
1468584:
CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure

Package	Affected Version
pkg:rpm/amazonlinux/nginx?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-stream?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-stream?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-mail?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-mail?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-xslt-filter?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-xslt-filter?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-perl?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-perl?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-image-filter?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-image-filter?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-geoip?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-mod-http-geoip?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-debuginfo?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-debuginfo?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-all-modules?arch=x86_64&distro=amazonlinux-1	< 1.12.1-1.32.amzn1
pkg:rpm/amazonlinux/nginx-all-modules?arch=i686&distro=amazonlinux-1	< 1.12.1-1.32.amzn1

ID

ALAS-2017-894

Severity

low

URL

https://alas.aws.amazon.com/ALAS-2017-894.html

Published

2017-09-13T23:19:00
(7 years ago)

Modified

2017-09-14T22:22:00
(7 years ago)

Rights

Amazon Linux Security Team

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2017-7529		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/amazonlinux/nginx?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx?arch=i686&distro=amazonlinux-1	amazonlinux	nginx	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-mod-stream?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-mod-stream	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-mod-stream?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-mod-stream	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-mod-mail?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-mod-mail	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-mod-mail?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-mod-mail	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-mod-http-xslt-filter?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-mod-http-xslt-filter	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-mod-http-xslt-filter?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-mod-http-xslt-filter	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-mod-http-perl?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-mod-http-perl	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-mod-http-perl?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-mod-http-perl	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-mod-http-image-filter?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-mod-http-image-filter	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-mod-http-image-filter?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-mod-http-image-filter	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-mod-http-geoip?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-mod-http-geoip	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-mod-http-geoip?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-mod-http-geoip	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-debuginfo?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-debuginfo	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-debuginfo?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-debuginfo	< 1.12.1-1.32.amzn1	amazonlinux-1	i686
Affected	pkg:rpm/amazonlinux/nginx-all-modules?arch=x86_64&distro=amazonlinux-1	amazonlinux	nginx-all-modules	< 1.12.1-1.32.amzn1	amazonlinux-1	x86_64
Affected	pkg:rpm/amazonlinux/nginx-all-modules?arch=i686&distro=amazonlinux-1	amazonlinux	nginx-all-modules	< 1.12.1-1.32.amzn1	amazonlinux-1	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date