What Are You Looking For?

Sign Up
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4335-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 08, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
CVE ID         : CVE-2018-16843 CVE-2018-16844 CVE-2018-16845

Three vulnerabilities were discovered in Nginx, a high-performance web
and reverse proxy server, which could in denial of service in processing
HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in
the ngx_http_mp4_module module (used for server-side MP4 streaming).

For the stable distribution (stretch), these problems have been fixed in
version 1.10.3-1+deb9u2.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nginx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4335-1: nginx security update

November 8, 2018
Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could in denial of service in processing HTTP/2 (via excessive memory/CPU usa...

Summary

Three vulnerabilities were discovered in Nginx, a high-performance web
and reverse proxy server, which could in denial of service in processing
HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in
the ngx_http_mp4_module module (used for server-side MP4 streaming).

For the stable distribution (stretch), these problems have been fixed in
version 1.10.3-1+deb9u2.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nginx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : nginx
CVE ID : CVE-2018-16843 CVE-2018-16844 CVE-2018-16845

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Remotely Exploitable HAProxy Vuln Threatens Sensitive Data

Dec 8, 2023

Ubuntu Server Security Best Practices

Oct 15, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo