Summary: | <www-servers/nginx-{1.20.1,1.21.0}: DNS resolver off-by-one heap write vulnerability (CVE-2021-23017) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gentoo, whissi |
Priority: | High | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | www-servers/nginx-1.20.1 | ||
Runtime testing required: | --- |
Description
John Helmert III
2021-05-25 20:58:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bde26175a72fac9a2b93ec2d291440116bf3a95

commit 0bde26175a72fac9a2b93ec2d291440116bf3a95
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 15:55:11 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 15:55:11 +0000

www-servers/nginx: bump to v1.21.0 mainline

Bug: https://bugs.gentoo.org/792087
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.21.0.ebuild | 1086 +++++++++++++++++++++++++++++++++
2 files changed, 1087 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2efee16240a9bae3f37be3e948c56e03a010b8a3

commit 2efee16240a9bae3f37be3e948c56e03a010b8a3
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 15:53:50 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 15:53:50 +0000

www-servers/nginx: bump to v1.20.1

Bug: https://bugs.gentoo.org/792087
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

www-servers/nginx/Manifest | 1 +
www-servers/nginx/nginx-1.20.1.ebuild | 1086 +++++++++++++++++++++++++++++++++
2 files changed, 1087 insertions(+)

Note that only configurations which specify "resolver" directive are affected.

New GLSA request filed.

x86 stable

This issue was resolved and addressed in GLSA 202105-38 at https://security.gentoo.org/glsa/202105-38 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architecture.

amd64 stable.

Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1756c525a1ce5b99bdd3fe7c0d847674486942cc

commit 1756c525a1ce5b99bdd3fe7c0d847674486942cc
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-28 09:01:07 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-28 09:01:07 +0000

www-servers/nginx: security cleanup

Bug: https://bugs.gentoo.org/792087
Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

www-servers/nginx/Manifest | 5 -
www-servers/nginx/metadata.xml | 1 -
www-servers/nginx/nginx-1.18.0-r2.ebuild | 1084 -----------------------------
www-servers/nginx/nginx-1.19.10.ebuild | 1086 ------------------------------
www-servers/nginx/nginx-1.19.9.ebuild | 1086 ------------------------------
5 files changed, 3262 deletions(-)

Repository is clean, all done!