[FEDORA-2021-b37cffac0d] Fedora 33: nginx
Severity: High
Affected Packages: 1
CVEs: 1
Fix log permissions issue.

Security: 1-byte memory overwrite might occur
during DNS server response processing if the "resolver" directive was
used, allowing an attacker who is able to forge UDP packets from the DNS
server to cause worker process crash or, potentially, arbitrary code
execution (CVE-2021-23017).

Package | Affected Version |
---|---|
pkg:rpm/fedora/nginx?distro=fedora-33 | < 1.20.1.2.fc33 |

- ID: FEDORA-2021-b37cffac0d
- Severity: high
- Severity from: CVE-2021-23017
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2021-b37cffac0d
- Published: 2021-06-11T01:19:56
- Modified: 2021-06-11T01:19:56
- Rights: Copyright 2021 Red Hat, Inc.
- Other Advisories:
- ALAS-2021-1507
- ALPINE:CVE-2021-23017
- ALSA-2021:2259
- ALSA-2021:2290
- ALSA-2022:0323
- ASA-202106-36
- ASA-202106-48
- DSA-4921-1
- ELSA-2021-2259
- ELSA-2021-2290
- ELSA-2022-0323
- FEDORA-2021-393d698493
- FREEBSD:0882F019-BD60-11EB-9BDD-8C164567CA3C
- GLSA-202105-38
- MS:CVE-2021-23017
- NGINX:CVE-2021-23017
- openSUSE-SU-2021:0835-1
- openSUSE-SU-2021:1815-1
- RHSA-2021:2259
- RHSA-2021:2290
- RHSA-2022:0323
- RLSA-2021:2259
- RLSA-2021:2290
- RLSA-2022:0323
- SUSE-SU-2021:1792-1
- SUSE-SU-2021:1814-1
- SUSE-SU-2021:1815-1
- SUSE-SU-2021:1839-1
- USN-4967-1
- USN-4967-2
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1966367 | Bug #1966367 - nginx doesn't reopen the log file | https://bugzilla.redhat.com/show_bug.cgi?id=1966367 |
Bugzilla | 1964820 | Bug #1964820 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=1964820 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/nginx?distro=fedora-33 | fedora | nginx | < 1.20.1.2.fc33 | fedora-33 | | |