[USN-3812-1] nginx vulnerabilities

Severity Medium
Affected Packages 42
CVEs 3

Several security issues were fixed in nginx.

It was discovered that nginx incorrectly handled the HTTP/2 implementation.
A remote attacker could possibly use this issue to cause excessive memory
consumption, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)

Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
excessive CPU usage, leading to a denial of service. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-16844)

It was discovered that nginx incorrectly handled the ngx_http_mp4_module
module. A remote attacker could possibly use this issue with a specially
crafted mp4 file to cause nginx to crash, stop responding, or access
arbitrary memory. (CVE-2018-16845)

Package Affected Version
pkg:deb/ubuntu/nginx?distro=xenial < 1.10.3-0ubuntu0.16.04.3
pkg:deb/ubuntu/nginx?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/nginx-naxsi?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-naxsi-ui?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-light?distro=xenial < 1.10.3-0ubuntu0.16.04.3
pkg:deb/ubuntu/nginx-light?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-light?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/nginx-full?distro=xenial < 1.10.3-0ubuntu0.16.04.3
pkg:deb/ubuntu/nginx-full?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-full?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/nginx-extras?distro=xenial < 1.10.3-0ubuntu0.16.04.3
pkg:deb/ubuntu/nginx-extras?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-extras?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/nginx-doc?distro=xenial < 1.10.3-0ubuntu0.16.04.3
pkg:deb/ubuntu/nginx-doc?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-doc?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/nginx-core?distro=xenial < 1.10.3-0ubuntu0.16.04.3
pkg:deb/ubuntu/nginx-core?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-core?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/nginx-common?distro=xenial < 1.10.3-0ubuntu0.16.04.3
pkg:deb/ubuntu/nginx-common?distro=trusty < 1.4.6-1ubuntu3.9
pkg:deb/ubuntu/nginx-common?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-stream?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-rtmp?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-nchan?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-mail?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-xslt-filter?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-upstream-fair?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-uploadprogress?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-subs-filter?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-perl?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-ndk?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-lua?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-image-filter?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-headers-more-filter?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-geoip?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-fancyindex?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-echo?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-dav-ext?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-cache-purge?distro=bionic < 1.14.0-0ubuntu1.2
pkg:deb/ubuntu/libnginx-mod-http-auth-pam?distro=bionic < 1.14.0-0ubuntu1.2
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/nginx?distro=xenial ubuntu nginx < 1.10.3-0ubuntu0.16.04.3 xenial
Affected pkg:deb/ubuntu/nginx?distro=trusty ubuntu nginx < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx?distro=bionic ubuntu nginx < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/nginx-naxsi?distro=trusty ubuntu nginx-naxsi < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-naxsi-ui?distro=trusty ubuntu nginx-naxsi-ui < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-light?distro=xenial ubuntu nginx-light < 1.10.3-0ubuntu0.16.04.3 xenial
Affected pkg:deb/ubuntu/nginx-light?distro=trusty ubuntu nginx-light < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-light?distro=bionic ubuntu nginx-light < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/nginx-full?distro=xenial ubuntu nginx-full < 1.10.3-0ubuntu0.16.04.3 xenial
Affected pkg:deb/ubuntu/nginx-full?distro=trusty ubuntu nginx-full < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-full?distro=bionic ubuntu nginx-full < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/nginx-extras?distro=xenial ubuntu nginx-extras < 1.10.3-0ubuntu0.16.04.3 xenial
Affected pkg:deb/ubuntu/nginx-extras?distro=trusty ubuntu nginx-extras < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-extras?distro=bionic ubuntu nginx-extras < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/nginx-doc?distro=xenial ubuntu nginx-doc < 1.10.3-0ubuntu0.16.04.3 xenial
Affected pkg:deb/ubuntu/nginx-doc?distro=trusty ubuntu nginx-doc < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-doc?distro=bionic ubuntu nginx-doc < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/nginx-core?distro=xenial ubuntu nginx-core < 1.10.3-0ubuntu0.16.04.3 xenial
Affected pkg:deb/ubuntu/nginx-core?distro=trusty ubuntu nginx-core < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-core?distro=bionic ubuntu nginx-core < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/nginx-common?distro=xenial ubuntu nginx-common < 1.10.3-0ubuntu0.16.04.3 xenial
Affected pkg:deb/ubuntu/nginx-common?distro=trusty ubuntu nginx-common < 1.4.6-1ubuntu3.9 trusty
Affected pkg:deb/ubuntu/nginx-common?distro=bionic ubuntu nginx-common < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-stream?distro=bionic ubuntu libnginx-mod-stream < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-rtmp?distro=bionic ubuntu libnginx-mod-rtmp < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-nchan?distro=bionic ubuntu libnginx-mod-nchan < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-mail?distro=bionic ubuntu libnginx-mod-mail < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-xslt-filter?distro=bionic ubuntu libnginx-mod-http-xslt-filter < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-upstream-fair?distro=bionic ubuntu libnginx-mod-http-upstream-fair < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-uploadprogress?distro=bionic ubuntu libnginx-mod-http-uploadprogress < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-subs-filter?distro=bionic ubuntu libnginx-mod-http-subs-filter < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-perl?distro=bionic ubuntu libnginx-mod-http-perl < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-ndk?distro=bionic ubuntu libnginx-mod-http-ndk < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-lua?distro=bionic ubuntu libnginx-mod-http-lua < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-image-filter?distro=bionic ubuntu libnginx-mod-http-image-filter < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-headers-more-filter?distro=bionic ubuntu libnginx-mod-http-headers-more-filter < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-geoip?distro=bionic ubuntu libnginx-mod-http-geoip < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-fancyindex?distro=bionic ubuntu libnginx-mod-http-fancyindex < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-echo?distro=bionic ubuntu libnginx-mod-http-echo < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-dav-ext?distro=bionic ubuntu libnginx-mod-http-dav-ext < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-cache-purge?distro=bionic ubuntu libnginx-mod-http-cache-purge < 1.14.0-0ubuntu1.2 bionic
Affected pkg:deb/ubuntu/libnginx-mod-http-auth-pam?distro=bionic ubuntu libnginx-mod-http-auth-pam < 1.14.0-0ubuntu1.2 bionic