[RLSA-2019:2799] nginx:1.14 security update

Severity Important

Affected Packages 14

CVEs 3

An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage.

Security Fix(es):

HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/rockylinux/nginx?arch=x86_64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx?arch=aarch64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-stream?arch=x86_64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-stream?arch=aarch64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-mail?arch=x86_64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-mail?arch=aarch64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-http-xslt-filter?arch=x86_64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-http-xslt-filter?arch=aarch64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-http-perl?arch=x86_64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-http-perl?arch=aarch64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-http-image-filter?arch=x86_64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-mod-http-image-filter?arch=aarch64&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-filesystem?arch=noarch&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229
pkg:rpm/rockylinux/nginx-all-modules?arch=noarch&distro=rockylinux-8.4	< 1.14.1-9.module+el8.4.0+542+81547229

ID

RLSA-2019:2799

Severity

important

URL

https://errata.rockylinux.org/RLSA-2019:2799

Published

2019-09-17T08:45:10
(5 years ago)

Modified

2023-02-02T12:57:13
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2019-9511	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
CVE	CVE-2019-9513	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
CVE	CVE-2019-9516	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
Bugzilla	1735741	https://bugzilla.redhat.com/show_bug.cgi?id=1735741
Bugzilla	1741860	https://bugzilla.redhat.com/show_bug.cgi?id=1741860
Bugzilla	1741864	https://bugzilla.redhat.com/show_bug.cgi?id=1741864
Self	RLSA-2019:2799	https://errata.rockylinux.org/RLSA-2019:2799

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/nginx?arch=x86_64&distro=rockylinux-8.4	rockylinux	nginx	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/nginx?arch=aarch64&distro=rockylinux-8.4	rockylinux	nginx	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/nginx-mod-stream?arch=x86_64&distro=rockylinux-8.4	rockylinux	nginx-mod-stream	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/nginx-mod-stream?arch=aarch64&distro=rockylinux-8.4	rockylinux	nginx-mod-stream	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/nginx-mod-mail?arch=x86_64&distro=rockylinux-8.4	rockylinux	nginx-mod-mail	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/nginx-mod-mail?arch=aarch64&distro=rockylinux-8.4	rockylinux	nginx-mod-mail	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/nginx-mod-http-xslt-filter?arch=x86_64&distro=rockylinux-8.4	rockylinux	nginx-mod-http-xslt-filter	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/nginx-mod-http-xslt-filter?arch=aarch64&distro=rockylinux-8.4	rockylinux	nginx-mod-http-xslt-filter	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/nginx-mod-http-perl?arch=x86_64&distro=rockylinux-8.4	rockylinux	nginx-mod-http-perl	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/nginx-mod-http-perl?arch=aarch64&distro=rockylinux-8.4	rockylinux	nginx-mod-http-perl	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/nginx-mod-http-image-filter?arch=x86_64&distro=rockylinux-8.4	rockylinux	nginx-mod-http-image-filter	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	x86_64
Affected	pkg:rpm/rockylinux/nginx-mod-http-image-filter?arch=aarch64&distro=rockylinux-8.4	rockylinux	nginx-mod-http-image-filter	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	aarch64
Affected	pkg:rpm/rockylinux/nginx-filesystem?arch=noarch&distro=rockylinux-8.4	rockylinux	nginx-filesystem	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	noarch
Affected	pkg:rpm/rockylinux/nginx-all-modules?arch=noarch&distro=rockylinux-8.4	rockylinux	nginx-all-modules	< 1.14.1-9.module+el8.4.0+542+81547229	rockylinux-8.4	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date