[ALAS-2017-894] Amazon Linux AMI 2014.03 - ALAS-2017-894: low priority package update for nginx
Severity
Low
Affected Packages
18
CVEs
1
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2017-7529:
A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.
1468584:
CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure
- ID
- ALAS-2017-894
- Severity
- low
- URL
- https://alas.aws.amazon.com/ALAS-2017-894.html
- Published
-
2017-09-13T23:19:00
(7 years ago) - Modified
-
2017-09-14T22:22:00
(7 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2017-7529 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/nginx?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-stream?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-mod-stream | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-stream?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-mod-stream | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-mail?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-mod-mail | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-mail?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-mod-mail | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-xslt-filter?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-xslt-filter | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-xslt-filter?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-xslt-filter | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-perl?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-perl | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-perl?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-perl | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-image-filter?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-image-filter | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-image-filter?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-image-filter | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-geoip?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-geoip | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-mod-http-geoip?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-mod-http-geoip | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-debuginfo | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-debuginfo | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nginx-all-modules?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nginx-all-modules | < 1.12.1-1.32.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nginx-all-modules?arch=i686&distro=amazonlinux-1 | amazonlinux | nginx-all-modules | < 1.12.1-1.32.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |