Bug 792087 (CVE-2021-23017) - <www-servers/nginx-{1.20.1,1.21.0}: DNS resolver off-by-one heap write vulnerability (CVE-2021-23017)
Status: RESOLVED FIXED
Alias: CVE-2021-23017
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://mailman.nginx.org/pipermail/n...
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-25 20:58 UTC by John Helmert III
Modified: 2021-05-28 09:02 UTC

See Also:
Package list:
www-servers/nginx-1.20.1
Runtime testing required: ---
nattka: sanity-check+


Description John Helmert III gentoo-dev Security 2021-05-25 20:58:19 UTC
From URL:

A security issue in nginx resolver was identified, which might allow an
attacker to cause 1-byte memory overwrite by using a specially crafted
DNS response, resulting in worker process crash or, potentially, in
arbitrary code execution (CVE-2021-23017).

The issue only affects nginx if the "resolver" directive is used in
the configuration file.  Further, the attack is only possible if an
attacker is able to forge UDP packets from the DNS server.

The issue affects nginx 0.6.18 - 1.20.0.
The issue is fixed in nginx 1.21.0, 1.20.1.


Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-05-26 15:56:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0bde26175a72fac9a2b93ec2d291440116bf3a95

commit 0bde26175a72fac9a2b93ec2d291440116bf3a95
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 15:55:11 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 15:55:11 +0000

    www-servers/nginx: bump to v1.21.0 mainline
    
    Bug: https://bugs.gentoo.org/792087
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.21.0.ebuild | 1086 +++++++++++++++++++++++++++++++++
 2 files changed, 1087 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2efee16240a9bae3f37be3e948c56e03a010b8a3

commit 2efee16240a9bae3f37be3e948c56e03a010b8a3
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 15:53:50 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 15:53:50 +0000

    www-servers/nginx: bump to v1.20.1
    
    Bug: https://bugs.gentoo.org/792087
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest            |    1 +
 www-servers/nginx/nginx-1.20.1.ebuild | 1086 +++++++++++++++++++++++++++++++++
 2 files changed, 1087 insertions(+)
Comment 2 Thomas Deutschmann gentoo-dev Security 2021-05-26 16:33:29 UTC
Note that only configurations which specify the "resolver" directive are affected.
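
The two conditions given in the description and in comment 2 (an nginx version inside the affected range and an active "resolver" directive) can be checked together. The following is an added example, not part of this bug report or of nginx; the function names and the sample configuration are constructed for illustration, and it assumes "#" never appears inside a quoted string in the configuration.

```python
import re

# Affected range as stated in the advisory quoted above: 0.6.18 - 1.20.0.
AFFECTED_MIN = (0, 6, 18)
AFFECTED_MAX = (1, 20, 0)

# "resolver" at the start of a statement; "resolver_timeout" does not match.
RESOLVER_RE = re.compile(r"(?:^|[;{}])\s*resolver\s+([^;{}]+);", re.MULTILINE)


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'nginx version: nginx/1.18.0'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def version_affected(text):
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def resolver_directives(config_text):
    """Return the arguments of every active 'resolver' directive."""
    # Assumption: '#' always starts a comment (never inside a quoted string).
    uncommented = re.sub(r"#[^\n]*", "", config_text)
    return [" ".join(m.group(1).split()) for m in RESOLVER_RE.finditer(uncommented)]


def exposed(version_text, config_text):
    """True only when both conditions from the advisory hold."""
    return version_affected(version_text) and bool(resolver_directives(config_text))


# Constructed sample configuration, not taken from any real host.
SAMPLE_CONFIG = """
http {
    # resolver 192.0.2.1;          (commented out, ignored)
    resolver_timeout 5s;
    server {
        listen 443 ssl;
        resolver 192.0.2.53 valid=30s;
    }
}
"""

if __name__ == "__main__":
    for v in ("nginx/1.18.0", "nginx/1.20.1"):
        print(v, "exposed:", exposed(v, SAMPLE_CONFIG))
```

Feeding it the output of `nginx -T` covers included files as well. The version test reflects the upstream range only; a distribution package can carry a backported fix under an older version string.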
Comment 3 Thomas Deutschmann gentoo-dev Security 2021-05-26 17:03:15 UTC
New GLSA request filed.
Comment 4 Thomas Deutschmann gentoo-dev Security 2021-05-26 17:38:45 UTC
x86 stable
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 17:45:54 UTC
This issue was resolved and addressed in
 GLSA 202105-38 at https://security.gentoo.org/glsa/202105-38
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 6 Thomas Deutschmann gentoo-dev Security 2021-05-26 17:46:28 UTC
Re-opening for remaining architecture.
Comment 7 Agostino Sarubbo gentoo-dev 2021-05-27 06:56:04 UTC
amd64 stable.

Maintainer(s), please cleanup.
Comment 8 Larry the Git Cow gentoo-dev 2021-05-28 09:01:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1756c525a1ce5b99bdd3fe7c0d847674486942cc

commit 1756c525a1ce5b99bdd3fe7c0d847674486942cc
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-28 09:01:07 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-28 09:01:07 +0000

    www-servers/nginx: security cleanup
    
    Bug: https://bugs.gentoo.org/792087
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest               |    5 -
 www-servers/nginx/metadata.xml           |    1 -
 www-servers/nginx/nginx-1.18.0-r2.ebuild | 1084 -----------------------------
 www-servers/nginx/nginx-1.19.10.ebuild   | 1086 ------------------------------
 www-servers/nginx/nginx-1.19.9.ebuild    | 1086 ------------------------------
 5 files changed, 3262 deletions(-)
Comment 9 Thomas Deutschmann gentoo-dev Security 2021-05-28 09:02:28 UTC
Repository is clean, all done!