692102 – <www-servers/nginx-{1.16.1,1.17.3}: multiple vulnerabilities (CVE-2019-{9511,9513,9516})

Bug 692102 - <www-servers/nginx-{1.16.1,1.17.3}: multiple vulnerabilities (CVE-2019-{9511,9513,9516})

Summary: <www-servers/nginx-{1.16.1,1.17.3}: multiple vulnerabilities (CVE-2019-{9511,...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://mailman.nginx.org/pipermail/n...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:	CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517
	Show dependency tree

Reported:	2019-08-13 20:18 UTC by GLSAMaker/CVETool Bot
Modified:	2020-04-26 00:13 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2019-08-13 20:18:03 UTC

Incoming details.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-08-13 20:20:20 UTC

Several security issues were identified in nginx HTTP/2
implementation, which might cause excessive memory consumption
and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).

The issues affect nginx compiled with the ngx_http_v2_module (not
compiled by default) if the "http2" option of the "listen" directive
is used in a configuration file.

The issues affect nginx 1.9.5 - 1.17.2.
The issues are fixed in nginx 1.17.3, 1.16.1.



GLSA Vote: No

Repository is clean, all done.