Source | Text Version

QSN-4099-1: nginx vulnerabilities

August 15, 2019

Summary

nginx could be made to crash if it received specially crafted network traffic.

Details

Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service.

References

https://usn.ubuntu.com/4099-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-9511

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-9513

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-9516

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l nginx-common

If the current version you have is before 1.10.3-0ubuntu0.16.04.4, run the following:

$ sudo apt-get update
$ sudo apt-get install nginx-common

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l nginx-core

If the current version you have is before 1.10.3-0ubuntu0.16.04.4, run the following:

$ sudo apt-get update
$ sudo apt-get install nginx-core

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l nginx-extras

If the current version you have is before 1.10.3-0ubuntu0.16.04.4, run the following:

$ sudo apt-get update
$ sudo apt-get install nginx-extras

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l nginx-full

If the current version you have is before 1.10.3-0ubuntu0.16.04.4, run the following:

$ sudo apt-get update
$ sudo apt-get install nginx-full

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l nginx-light

If the current version you have is before 1.10.3-0ubuntu0.16.04.4, run the following:

$ sudo apt-get update
$ sudo apt-get install nginx-light

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.