ArchLinux: 201908-13: nginx: denial of service

    Date: 24 Aug 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package nginx before version 1.16.1-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-201908-13
    ==========================================
    
    Severity: Medium
    Date    : 2019-08-16
    CVE-ID  : CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
    Package : nginx
    Type    : denial of service
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1023
    
    Summary
    =======
    
    The package nginx before version 1.16.1-1 is vulnerable to denial of
    service.
    
    Resolution
    ==========
    
    Upgrade to 1.16.1-1.
    
    # pacman -Syu "nginx>=1.16.1-1"
    
    The problems have been fixed upstream in version 1.16.1.
    
    Workaround
    ==========
    
    Disable http/2 support.
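The following audit script is an added example and is not part of the Arch advisory or of the nginx project. It checks the two actions the advisory gives an administrator: whether an installed package version is older than the fixed 1.16.1-1 (a simplified reading of Arch's `[epoch:]pkgver-pkgrel` scheme, not pacman's full `vercmp`), and whether an nginx configuration still enables HTTP/2 on any `listen` directive, rewriting those lines to apply the "disable http/2" workaround. The sample configuration and the `pacman -Q` output line are constructed for the example.

```python
"""Added example (not from ASA-201908-13 or nginx): audit an Arch host for
the nginx HTTP/2 denial-of-service advisory.

Two checks:
  1. Is the installed nginx package older than the fixed version 1.16.1-1?
  2. Does the nginx configuration still enable HTTP/2 on a listen directive?
     If so, produce a copy with the http2 parameter removed (the workaround).
"""
import re

FIXED_VERSION = "1.16.1-1"  # the version the advisory says is fixed


def _int_parts(segment):
    """Turn a dotted segment such as '1.16.1' into a tuple of ints.
    Assumption (simplification): non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in segment.split("."))


def version_key(version):
    """Build a comparable key from an Arch version '[epoch:]pkgver-pkgrel'.
    This is a simplified model of pacman's vercmp for numeric versions."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    pkgver, sep, pkgrel = version.rpartition("-")
    if not sep:  # no pkgrel given
        pkgver, pkgrel = version, "0"
    return (epoch, _int_parts(pkgver), _int_parts(pkgrel))


def is_vulnerable(installed_version):
    """True when the installed nginx version is older than the fixed one."""
    return version_key(installed_version) < version_key(FIXED_VERSION)


def parse_pacman_q(line):
    """Extract the version from a 'pacman -Q nginx' output line
    (format: '<name> <version>'). Returns None for an unexpected line."""
    parts = line.split()
    if len(parts) == 2 and parts[0] == "nginx":
        return parts[1]
    return None


# A listen directive that carries the 'http2' parameter (nginx 1.16 syntax).
# Group 1: everything before ' http2'; group 2: the rest up to the ';'.
LISTEN_HTTP2_RE = re.compile(r"^(\s*listen\s+[^;]*?)\s+http2\b([^;]*;)", re.M)


def http2_listen_lines(conf_text):
    """Return every listen directive in the config that enables HTTP/2."""
    return [m.group(0).strip() for m in LISTEN_HTTP2_RE.finditer(conf_text)]


def disable_http2(conf_text):
    """Apply the advisory's workaround: strip 'http2' from listen directives."""
    return LISTEN_HTTP2_RE.sub(lambda m: m.group(1) + m.group(2), conf_text)


# Constructed sample configuration for the example (not a real deployment).
SAMPLE_CONF = """\
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2 default_server;
    server_name example.test;
}
server {
    listen 80;
    server_name example.test;
}
"""

# Constructed 'pacman -Q nginx' output for a host that has not yet upgraded.
SAMPLE_PACMAN_Q = "nginx 1.16.0-1"


def audit(pacman_line, conf_text):
    """Run both checks and return a summary dict."""
    installed = parse_pacman_q(pacman_line)
    return {
        "installed": installed,
        "needs_upgrade": installed is not None and is_vulnerable(installed),
        "http2_listen": http2_listen_lines(conf_text),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_PACMAN_Q, SAMPLE_CONF)
    print("installed nginx:", result["installed"])
    print("needs upgrade to", FIXED_VERSION, ":", result["needs_upgrade"])
    for line in result["http2_listen"]:
        print("HTTP/2 enabled on:", line)
    if result["http2_listen"]:
        print("--- config with workaround applied ---")
        print(disable_http2(SAMPLE_CONF))
```

The version check is deliberately simple: for the numeric versions that matter here it agrees with `vercmp`, but a production tool should call `vercmp 1.16.1-1 "$(pacman -Q nginx | cut -d' ' -f2)"` instead of reimplementing it. The regex targets the `http2` parameter on `listen` as used in nginx 1.16; newer nginx releases also offer a separate `http2 on;` directive, which this example does not handle.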
    
    Description
    ===========
    
    - CVE-2019-9511 (denial of service)
    
    An issue has been found in several HTTP/2 implementations, where the
    attacker requests a large amount of data from a specified resource over
    multiple streams. They manipulate window size and stream priority to
    force the server to queue the data in 1-byte chunks. Depending on how
    efficiently this data is queued, this can consume excess CPU, memory,
    or both, potentially leading to a denial of service.
    
    - CVE-2019-9513 (denial of service)
    
    An issue has been found in several HTTP/2 implementations, where the
    attacker creates multiple request streams and continually shuffles the
    priority of the streams in a way that causes substantial churn to the
    priority tree. This can consume excess CPU, potentially leading to a
    denial of service.
    
    - CVE-2019-9516 (denial of service)
    
    An issue has been found in several HTTP/2 implementations, where the
    attacker sends a stream of headers with a 0-length header name and
    0-length header value, optionally Huffman encoded into 1-byte or
    greater headers. Some implementations allocate memory for these headers
    and keep the allocation alive until the session dies. This can consume
    excess memory, potentially leading to a denial of service.
    
    Impact
    ======
    
    A remote attacker is able to cause a denial of service by sending a
    specially crafted packet.
    
    References
    ==========
    
    https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html
    https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
    https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089
    https://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f
    https://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89
    https://security.archlinux.org/CVE-2019-9511
    https://security.archlinux.org/CVE-2019-9513
    https://security.archlinux.org/CVE-2019-9516
    