Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian 9: DLA-2283-1 Moderate Nginx HTTP Request Smuggling

debian lts
Calendar Grey July 20, 2020
Dist Debian Esm H88
An HTTP request smuggling vulnerability in the ngx_lua module for nginx has been resolved. Ensure that you update your nginx installations on Debian 9 stretch!
An HTTP request smuggling issue was discovered in the ngx_lua plugin for nginx, a high-performance web and reverse proxy server, as demonstrated by the ngx.location.capture API

Summary

For Debian 9 stretch, this problem has been fixed in version
1.10.3-1+deb9u5.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/nginx

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Package: nginx
Version: 1.10.3-1+deb9u5
CVE ID: CVE-2020-11724
Debian Bug: 964950

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here