[Pkg-nginx-maintainers] Bug#913090: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 6 20:26:13 GMT 2018
Source: nginx
Version: 1.10.3-1
Severity: important
Tags: security upstream
Control: found -1 1.10.3-1+deb9u1
Control: found -1 1.14.0-1
Hi,
The following vulnerabilities were published for nginx.
CVE-2018-16843[0]:
Excessive memory usage in HTTP/2
CVE-2018-16844[1]:
Excessive CPU usage in HTTP/2
CVE-2018-16845[2]:
Memory disclosure in the ngx_http_mp4_module
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-16843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843
[1] https://security-tracker.debian.org/tracker/CVE-2018-16844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844
[2] https://security-tracker.debian.org/tracker/CVE-2018-16845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845
Regards,
Salvatore
More information about the Pkg-nginx-maintainers
mailing list