Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Mageia: 2021-0301 Moderate: Nginx Remote Code Execution Threat

mageia
Calendar Grey June 29, 2021
Dist Mageia Esm H88
Recent apache update addresses a critical vulnerability impacting Fedora versions, threatening user privacy and system reliability.
A flaw was found in nginx

Summary

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-23017).

References

- https://bugs.mageia.org/show_bug.cgi?id=28965

- https://www.openwall.com/lists/oss-security/2021/05/25/5

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/

- https://www.cve.org/CVERecord?id=CVE-2021-23017

Resolution

SRPMS

- 8/core/nginx-1.18.0-5.1.mga8

- 7/core/nginx-1.16.1-1.3.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 29 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0301.html
Type: security
CVE: CVE-2021-23017

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here