What Are You Looking For?

Sign Up
MGASA-2021-0301 - Updated nginx package fixes a security vulnerability

Publication date: 29 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0301.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-23017

A flaw was found in nginx. An off-by-one error while processing DNS responses
allows a network attacker to write a dot character out of bounds in a heap
allocated buffer which can allow overwriting the least significant byte of next
heap chunk metadata likely leading to a remote code execution in certain
circumstances. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability (CVE-2021-23017).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28965
- https://www.openwall.com/lists/oss-security/2021/05/25/5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017

SRPMS:
- 8/core/nginx-1.18.0-5.1.mga8
- 7/core/nginx-1.16.1-1.3.mga7

Mageia 2021-0301: nginx security update

A flaw was found in nginx

Summary

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-23017).

References

- https://bugs.mageia.org/show_bug.cgi?id=28965

- https://www.openwall.com/lists/oss-security/2021/05/25/5

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017

Resolution

MGASA-2021-0301 - Updated nginx package fixes a security vulnerability

SRPMS

- 8/core/nginx-1.18.0-5.1.mga8

- 7/core/nginx-1.16.1-1.3.mga7

Severity
Publication date: 29 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0301.html
Type: security
CVE: CVE-2021-23017

Related News

The Rust Foundation to Develop Training and Certification Program

Dec 3, 2023

Linus Torvalds on the State of Linux Today and How AI Figures in Its Future

Dec 6, 2023

Windows, Linux Systems Targeted in Pro-Hamas BiBi Wiper Malware Attack

Nov 15, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo