Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4750-1] nginx security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4750-1] nginx security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4750-1] nginx security update
  • Date: Wed, 26 Aug 2020 16:58:14 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1kAykY-00084X-56 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=qVz2fwvVuMflYEEWeOOwNdZ14vbtgjn0xqDe5BqBrTA=; b=RR hYU2lTxuDkcPcVabwSRaDz2P8GtGEvwuAvjgWTi/NX5hWebQcICgHUEv8mj3Ke8KF5k+WWDuqMUtZ KPDN8Bc4/QePZu9F4Qobragh2h3kB+srf01Zw+CzBPYkewSgrj1vEtAMKa9VXpguHhN4YownJgOVx og3R7vep/+4KPPsMvLdaRL95LBqpoT+6tWxeCrX6CoHqCM9s1VyNjTze9zgPx9ybzJAa1zXeyTdVM vzoHPkUZxNwdvpzQ+JaVKX3Qo2MlzxC6Z1ySdkH2LdspgdoGnR2JLL8xwvA466aZy0Eh+Md/ZTqPn iUH5y2bLdUC5qGpyObVFqS5bO54GkzFw==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 26 Aug 2020 16:58:29 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <wPkbz-dH58.A.QpB.1SpRfB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4750-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 26, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nginx
CVE ID : CVE-2020-11724
Debian Bug : 964950

It was reported that the Lua module for Nginx, a high-performance web
and reverse proxy server, is prone to a HTTP request smuggling
vulnerability.

For the stable distribution (buster), this problem has been fixed in
version 1.14.2-2+deb10u3.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/nginx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9GlAhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q+QBAAlo31j8w4zpQNYaxVm7K/lH4TukFPbE79ZSBnuWvtiC59a7AwWbfqCWd5
kkMTicjMYsExEp+jgnFex5W0LEQ/weRE8DHnAaDIEs4V1eJHzj5NxPUB0ZpFJshJ
oLB8lMX5vJDTSynMmBzzY65UTZl8/5CVDxbku8yS1zVXtl3RHxCoHpmzxWrpfkhU
cl9fdNVF2Vn1GENen5PNz9AhOXLp/Px6Y/iSAYjwLPQJPTEHbYtdBnu/p113QUz9
OlvW1A7hVYtpg6JfX2/dQMzhBHetyOwqnLSnWMPPe/MOd0hA9m3//DHmR5mIb263
YsdOL27u3IVf6leSZ4T8KhK1IChHZF1/Kw6VCaIKr4LtWtPJYDM+QE7pXA7s9UIM
eulmVn4q2ppjSCgV9MqlQpEYs7xvkAgaEAakE93FwARliAhtvmo5JXtz29NamGfp
FjfC8wMNGinVL4Xt8Za3na4QFDuBFD936qOL38vyPS6MrOc0H6RoI2aDHDr0YJi/
YlrhIyAQ8anAVqFaueGrfz9AWcLDCWKWa6A7ShIZLRIUlPyUwZ4M0jnQNEw4epva
Y8LqLuDvrG2Zl9saVD0YmkAVh2A2o3xVuiQa1O4wTYQPvAW2WT87yjXsamjGila8
whAgsNA6L2BC2Y9jHCCeYV57e/dibmDrC2QFprEeqDNKZD2a8UE=
=QmrI
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4750-1] nginx security update, Salvatore Bonaccorso, 26.08.2020

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang