Ubuntu 16.04 ESM: USN-4967-2 Medium: Nginx Denial Of Service

May 27, 2021
Attention Ubuntu 16.04 and 14.04 users: a new nginx update is now available that addresses a flaw that could cause crashes or allow code execution.

Summary

nginx could be made to crash or run programs if it received specially crafted network traffic.

Software Description:

- nginx: small, powerful, scalable web/proxy server

Details:

USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  nginx                           1.10.3-0ubuntu0.16.04.5+esm1
  nginx-common                    1.10.3-0ubuntu0.16.04.5+esm1
  nginx-core                      1.10.3-0ubuntu0.16.04.5+esm1
  nginx-extras                    1.10.3-0ubuntu0.16.04.5+esm1
  nginx-full                      1.10.3-0ubuntu0.16.04.5+esm1
  nginx-light                     1.10.3-0ubuntu0.16.04.5+esm1

Ubuntu 14.04 ESM:
  nginx                           1.4.6-1ubuntu3.9+esm2
  nginx-common                    1.4.6-1ubuntu3.9+esm2
  nginx-core                      1.4.6-1ubuntu3.9+esm2
  nginx-extras                    1.4.6-1ubuntu3.9+esm2
  nginx-full                      1.4.6-1ubuntu3.9+esm2
  nginx-light                     1.4.6-1ubuntu3.9+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4967-2

https://ubuntu.com/security/notices/USN-4967-1

CVE-2021-23017

Severity

Medium
