[ubuntu/bionic-security] nginx 1.14.0-0ubuntu1.10 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Tue Apr 12 14:19:16 UTC 2022
nginx (1.14.0-0ubuntu1.10) bionic-security; urgency=medium

  * SECURITY UPDATE: ALPACA TLS issue
    - debian/patches/CVE-2021-3618.patch: specify the number of
      errors after which the connection is closed in
      src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
      src/mail/ngx_mail_handler.c.
    - CVE-2021-3618
  * SECURITY UPDATE: request mutation by unsafe characters
    - Add input validation to requests in Lua module in
      debian/modules/http-lua/src/ngx_http_lua_control.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_in.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_out.c,
      debian/modules/http-lua/src/ngx_http_lua_uri.c,
      debian/modules/http-lua/src/ngx_http_lua_util.h and
      debian/modules/http-lua/src/ngx_http_lua_util.h.
    - CVE-2020-36309
  * SECURITY UPDATE: request smuggling in ngx.location.capture
    - Add manual crafting of Content-Length in case request is
      chunked in
      debian/modules/http-lua/src/ngx_http_lua_subrequest.c.
    - CVE-2020-11724

Date: 2022-04-12 09:58:12.504849+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.10