[GLSA-202105-38] nginx: Remote code execution
A vulnerability in nginx could lead to remote code execution.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy
server.
Description
It was discovered that nginx did not properly handle DNS responses when
“resolver” directive is used.
Impact
A remote attacker, able to provide DNS responses to a nginx instance,
could cause the execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1"
All nginx mainline users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-servers/nginx-1.21.0:mainline"
| Package | Affected Version |
|---|---|
 pkg:ebuild/www-servers/nginx?distro=gentoo
|
< 1.21.0 |
| Package | Unaffected Version |
|---|---|
|
pkg:ebuild/www-servers/nginx?distro=gentoo
|
>= 1.20.1 |
|
pkg:ebuild/www-servers/nginx?distro=gentoo
|
>= 1.21.0 |
- ID
- GLSA-202105-38
- Severity
- high
- URL
- https://security.gentoo.org/glsa/202105-38
- Published
-
2021-05-26T00:00:00
(3 years ago) - Modified
-
2021-05-26T00:00:00
(3 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
-
-
ALAS-2021-1507
-
ALPINE:CVE-2021-23017
-
ALSA-2021:2259
-
ALSA-2021:2290
-
ALSA-2022:0323
-
ASA-202106-36
-
ASA-202106-48
-
DSA-4921-1
-
ELSA-2021-2259
-
ELSA-2021-2290
-
ELSA-2022-0323
-
FEDORA-2021-393d698493
-
FEDORA-2021-b37cffac0d
-
FREEBSD:0882F019-BD60-11EB-9BDD-8C164567CA3C
-
MS:CVE-2021-23017
-
NGINX:CVE-2021-23017
-
openSUSE-SU-2021:0835-1
-
openSUSE-SU-2021:1815-1
-
RHSA-2021:2259
-
RHSA-2021:2290
-
RHSA-2022:0323
-
RLSA-2021:2259
-
RLSA-2021:2290
-
RLSA-2022:0323
-
SUSE-SU-2021:1792-1
-
SUSE-SU-2021:1814-1
-
SUSE-SU-2021:1815-1
-
SUSE-SU-2021:1839-1
-
USN-4967-1
-
USN-4967-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2021-23017 | CVE-2021-23017 |
|
| Bugzilla | 792087 | Bugzilla #792087 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:ebuild/www-servers/nginx?distro=gentoo | www-servers |
nginx
|
< 1.21.0 | gentoo | ||
| Unaffected | pkg:ebuild/www-servers/nginx?distro=gentoo | www-servers |
nginx
|
>= 1.20.1 | gentoo | ||
| Unaffected | pkg:ebuild/www-servers/nginx?distro=gentoo | www-servers |
nginx
|
>= 1.21.0 | gentoo |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |