[ubuntu/focal-updates] nginx 1.18.0-0ubuntu1.3 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Apr 12 14:58:19 UTC 2022


nginx (1.18.0-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: ALPACA TLS issue
    - debian/patches/CVE-2021-3618.patch: specify the number of
      errors after which the connection is closed in
      src/mail/ngx_mail.h, src/mail/ngx_mail_core_module.c and
      src/mail/ngx_mail_handler.c.
    - CVE-2021-3618
  * SECURITY UPDATE: request mutation by unsafe characters
    - Add input validation to requests in Lua module in
      debian/modules/http-lua/src/ngx_http_lua_control.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_in.c,
      debian/modules/http-lua/src/ngx_http_lua_headers_out.c,
      debian/modules/http-lua/src/ngx_http_lua_uri.c,
      debian/modules/http-lua/src/ngx_http_lua_util.h and
      debian/modules/http-lua/src/ngx_http_lua_util.h.
    - CVE-2020-36309
  * SECURITY UPDATE: request smuggling in ngx.location.capture
    - Add manual crafting of Content-Length in case request is 
      chunked in 
      debian/modules/http-lua/src/ngx_http_lua_subrequest.c.
    - CVE-2020-11724

Date: 2022-04-12 09:58:09.328062+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.3