Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in nginx
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in nginx
ID: USN-4967-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, Ubuntu 21.04
Datum: Mi, 26. Mai 2021, 23:08
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
Applikationen: nginx

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5459262635049068396==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="U8cS4O9cK2oYKv7QqI7VLZ00I5fhTMa0E"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--U8cS4O9cK2oYKv7QqI7VLZ00I5fhTMa0E
Content-Type: multipart/mixed;
boundary="1qS41UfBGJswxuMCk77SZgBfSKvezcI1X";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <3fcc1857-ac5f-9c57-7490-0b0a8131dfb4@canonical.com>
Subject: [USN-4967-1] nginx vulnerability

--1qS41UfBGJswxuMCk77SZgBfSKvezcI1X
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4967-1
May 26, 2021

nginx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

nginx could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx
incorrectly handled responses to the DNS resolver. A remote attacker could
use this issue to cause nginx to crash, resulting in a denial of service,
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
nginx 1.18.0-6ubuntu8.2
nginx-common 1.18.0-6ubuntu8.2
nginx-core 1.18.0-6ubuntu8.2
nginx-extras 1.18.0-6ubuntu8.2
nginx-full 1.18.0-6ubuntu8.2
nginx-light 1.18.0-6ubuntu8.2

Ubuntu 20.10:
nginx 1.18.0-6ubuntu2.2
nginx-common 1.18.0-6ubuntu2.2
nginx-core 1.18.0-6ubuntu2.2
nginx-extras 1.18.0-6ubuntu2.2
nginx-full 1.18.0-6ubuntu2.2
nginx-light 1.18.0-6ubuntu2.2

Ubuntu 20.04 LTS:
nginx 1.18.0-0ubuntu1.2
nginx-common 1.18.0-0ubuntu1.2
nginx-core 1.18.0-0ubuntu1.2
nginx-extras 1.18.0-0ubuntu1.2
nginx-full 1.18.0-0ubuntu1.2
nginx-light 1.18.0-0ubuntu1.2

Ubuntu 18.04 LTS:
nginx 1.14.0-0ubuntu1.9
nginx-common 1.14.0-0ubuntu1.9
nginx-core 1.14.0-0ubuntu1.9
nginx-extras 1.14.0-0ubuntu1.9
nginx-full 1.14.0-0ubuntu1.9
nginx-light 1.14.0-0ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4967-1
CVE-2021-23017

Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu8.2
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu2.2
https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.9


--1qS41UfBGJswxuMCk77SZgBfSKvezcI1X--

--U8cS4O9cK2oYKv7QqI7VLZ00I5fhTMa0E
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmCuZ8wACgkQZWnYVadE
vpNJpg//c78gibOzFKtRoTlPlTWYXmowYd1W/I5c81IN+SOMMOFH/Vga/L2tHKFh
0VKiApZDxKsDNcC33UEr2zSxGXr373xQTIVOKe5mmIKzFaFoNO0bjsshxP8LePYZ
fHdJLbj92sy3R2wX/6o1mK/IYAi9SInwyevit1MZ3x3/ogayepIpKHFkP9n2lk21
YsbvY9iaZtSLCesvtEfCphPTe82svM153t0j7PfkO7XtD54zNte+CqfdS0G3UOiU
dPaWFOWm5fdsXSsxp/7oF5IKKGAU367zAVC0aij4IzuaF716V8fS8PXBpiOoqO72
Uckp1UF3/wEgo3RcQWDhZhs83MHqiJv7E/eDISOtBObMiThaqFgo58r1wdsz16sq
8uxJLmNxEcyRc2v8NdBLrNZ9TK1gE1ZPC8jpK+ZUS3tNqvUQ/l9H4oZ5TcfBxfvU
TJsZl9bT2LL8JTC0lRWjF6cGOLpq079DV8qbNXEEHROGVA4pTnYGF8Zu79Nn1FXZ
kisFOvbDjOWWzbuW5Ub4j+7mu2E2UWXDgIE2cyGZPjfSEtr+q/Nxu1BnCtFtBhzU
op2ao7+RFNOX7c1a+L3tbOciKlgYp5mz1YYqU4qVuQKz0Q5CbVtFEtYlsrRMF/3W
eEsu+OUDlqw9QIp+igd1diPdF+xI0ORNC9ttYASjERTqY6kTEYQ=
=Kish
-----END PGP SIGNATURE-----

--U8cS4O9cK2oYKv7QqI7VLZ00I5fhTMa0E--


--===============5459262635049068396==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5459262635049068396==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung