
Bug 792087 (CVE-2021-23017)

Summary: <www-servers/nginx-{1.20.1,1.21.0}: DNS resolver off-by-one heap write vulnerability (CVE-2021-23017)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: gentoo, whissi
Priority: High
Flags: nattka: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
Whiteboard: B1 [glsa+ cve]
Package list: www-servers/nginx-1.20.1
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-25 20:58:19 UTC
From URL:

A security issue in nginx resolver was identified, which might allow an
attacker to cause 1-byte memory overwrite by using a specially crafted
DNS response, resulting in worker process crash or, potentially, in
arbitrary code execution (CVE-2021-23017).

The issue only affects nginx if the "resolver" directive is used in
the configuration file.  Further, the attack is only possible if an
attacker is able to forge UDP packets from the DNS server.

The issue affects nginx 0.6.18 - 1.20.0.
The issue is fixed in nginx 1.21.0, 1.20.1.


Please bump.
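
Added example (not part of the original bug report, and not nginx or Gentoo tooling): a triage check for the two conditions the advisory above names, the affected version range and an active "resolver" directive. The function names and the sample input are assumptions made for illustration; the intended inputs are the output of `nginx -v` and of `nginx -T`.

```python
import re

# Affected upstream range, taken from the advisory quoted above.
FIRST_AFFECTED = (0, 6, 18)
LAST_AFFECTED = (1, 20, 0)

def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version found in %r" % banner)
    return tuple(int(x) for x in m.groups())

def version_affected(banner):
    return FIRST_AFFECTED <= parse_version(banner) <= LAST_AFFECTED

def resolver_directives(config_text):
    """Return (line_no, directive) for every active `resolver` directive."""
    # Simplifications: '#' always starts a comment, one directive per line
    # span. `resolver_timeout` is skipped: the name must be followed by space.
    pattern = re.compile(r"(?:^|(?<=[;{}]))\s*(resolver\s+[^;]+);")
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        code = line.split("#", 1)[0]
        for m in pattern.finditer(code):
            hits.append((no, " ".join(m.group(1).split())))
    return hits

def triage(banner, config_text):
    hits = resolver_directives(config_text)
    if not version_affected(banner):
        return "not affected: version outside 0.6.18 - 1.20.0", hits
    if hits:
        return "affected: vulnerable version with resolver configured", hits
    return "vulnerable version, resolver directive not in use", hits

# Constructed sample input, not taken from the bug report.
SAMPLE_BANNER = "nginx version: nginx/1.20.0"
SAMPLE_CONFIG = """\
server {
    # resolver 192.0.2.1;
    resolver_timeout 5s;
    resolver 192.0.2.53 valid=30s;
}
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONFIG))
```

The check compares upstream version numbers only, so a distribution build that carries a backported fix under an older version number still reports as affected.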
Comment 1 Larry the Git Cow gentoo-dev 2021-05-26 15:56:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bde26175a72fac9a2b93ec2d291440116bf3a95

commit 0bde26175a72fac9a2b93ec2d291440116bf3a95
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 15:55:11 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 15:55:11 +0000

    www-servers/nginx: bump to v1.21.0 mainline
    
    Bug: https://bugs.gentoo.org/792087
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.21.0.ebuild | 1086 +++++++++++++++++++++++++++++++++
 2 files changed, 1087 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2efee16240a9bae3f37be3e948c56e03a010b8a3

commit 2efee16240a9bae3f37be3e948c56e03a010b8a3
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 15:53:50 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 15:53:50 +0000

    www-servers/nginx: bump to v1.20.1
    
    Bug: https://bugs.gentoo.org/792087
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.20.1.ebuild | 1086 +++++++++++++++++++++++++++++++++
 2 files changed, 1087 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-26 16:33:29 UTC
Note that only configurations which specify the "resolver" directive are affected.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-26 17:03:15 UTC
New GLSA request filed.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-26 17:38:45 UTC
x86 stable
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 17:45:54 UTC
This issue was resolved and addressed in
 GLSA 202105-38 at https://security.gentoo.org/glsa/202105-38
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-26 17:46:28 UTC
Re-opening for remaining architecture.
Comment 7 Agostino Sarubbo gentoo-dev 2021-05-27 06:56:04 UTC
amd64 stable.

Maintainer(s), please clean up.
Comment 8 Larry the Git Cow gentoo-dev 2021-05-28 09:01:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1756c525a1ce5b99bdd3fe7c0d847674486942cc

commit 1756c525a1ce5b99bdd3fe7c0d847674486942cc
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-28 09:01:07 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-28 09:01:07 +0000

    www-servers/nginx: security cleanup
    
    Bug: https://bugs.gentoo.org/792087
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest               |    5 -
 www-servers/nginx/metadata.xml           |    1 -
 www-servers/nginx/nginx-1.18.0-r2.ebuild | 1084 -----------------------------
 www-servers/nginx/nginx-1.19.10.ebuild   | 1086 ------------------------------
 www-servers/nginx/nginx-1.19.9.ebuild    | 1086 ------------------------------
 5 files changed, 3262 deletions(-)
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-28 09:02:28 UTC
Repository is clean, all done!