1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2021-b37cffac0d

[FEDORA-2021-b37cffac0d] Fedora 33: nginx

Severity High
Affected Packages 1
CVEs 1
Info Packages References Vulnerabilities

Fix log permissions issue ---- Security: 1-byte memory overwrite might occur
during DNS server response processing if the "resolver" directive was
used, allowing an attacker who is able to forge UDP packets from the DNS
server to cause worker process crash or, potentially, arbitrary code
execution (CVE-2021-23017).

Package Affected Version
pkg:rpm/fedora/nginx?distro=fedora-33 < 1.20.1.2.fc33
ID
FEDORA-2021-b37cffac0d
Severity
high
Severity from
CVE-2021-23017
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2021-b37cffac0d
Published
2021-06-11T01:19:56
(3 years ago)
Modified
2021-06-11T01:19:56
(3 years ago)
Rights
Copyright 2021 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 1966367 Bug #1966367 - nginx doesn't reopen the log file https://bugzilla.redhat.com/show_bug.cgi?id=1966367
Bugzilla 1964820 Bug #1964820 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1964820
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/nginx?distro=fedora-33 fedora nginx < 1.20.1.2.fc33 fedora-33
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date