| Summary: | <www-servers/nginx-{1.16.1,1.17.3}: multiple vulnerabilities (CVE-2019-{9511,9513,9516}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | dev-zero, whissi |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 719460 | ||
|
Description
GLSAMaker/CVETool Bot
2019-08-13 20:18:03 UTC
Several security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file. The issues affect nginx 1.9.5 - 1.17.2. The issues are fixed in nginx 1.17.3, 1.16.1. GLSA Vote: No Repository is clean, all done. |