
Security vulnerability in the nginx software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4235-2
January 15, 2020

nginx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

nginx could be made to expose sensitive information over the
network.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

USN-4235-1 fixed a vulnerability in nginx. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly
handled certain error_page configurations. A remote attacker could possibly
use this issue to perform HTTP request smuggling attacks and access
resources contrary to expectations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
nginx-common 1.4.6-1ubuntu3.9+esm1
nginx-core 1.4.6-1ubuntu3.9+esm1
nginx-extras 1.4.6-1ubuntu3.9+esm1
nginx-full 1.4.6-1ubuntu3.9+esm1
nginx-light 1.4.6-1ubuntu3.9+esm1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4235-2
https://usn.ubuntu.com/4235-1
CVE-2019-20372

Author: Toni Vugdelija
Cert ID: NCERT-REF-2020-01-0001-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe