FEDORA-2018-aa3752ac3c created by luhliarik a year ago for Fedora 28
obsolete

Security fix for CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 + nginx rebase to 1.14.1.

Logout Required
After installing this update, you must log out of your current user session and log back in to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by luhliarik.

a year ago

This update has been pushed to testing.

a year ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

a year ago
anonymous commented & provided feedback a year ago

Newer upstream nginx 1.14.2 was released with a Fedora-specific fix. Changes include:

*) Bugfix: nginx could not be built by gcc 8.1.

*) Bugfix: nginx could not be built on Fedora 28 Linux.

*) Bugfix: in handling of client addresses when using unix domain listen
   sockets to work with datagrams on Linux.

*) Change: the logging level of the "http request", "https proxy
   request", "unsupported protocol", "version too low", "no suitable key
   share", and "no suitable signature algorithm" SSL errors has been
   lowered from "crit" to "info".

*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
   switch off "ssl_prefer_server_ciphers" in a virtual server if it was
   switched on in the default server.

*) Bugfix: nginx could not be built with LibreSSL 2.8.0.

*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
   1.1.1, the TLS 1.3 protocol was always enabled.

*) Bugfix: sending a disk-buffered request body to a gRPC backend might
   fail.

*) Bugfix: connections with some gRPC backends might not be cached when
   using the "keepalive" directive.

*) Bugfix: a segmentation fault might occur in a worker process if the
   ngx_http_mp4_module was used on 32-bit platforms.
szydell provided feedback 10 months ago
karma
BZ#1584426 Upstream Nginx 1.14.0 is now available
szydell commented & provided feedback 10 months ago
karma

Looks ok.

BZ#1584426 Upstream Nginx 1.14.0 is now available


Metadata
Type: security
Severity: high
Karma: 1
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Dates
submitted: a year ago
in testing: a year ago
BZ#1584426 Upstream Nginx 1.14.0 is now available
0
1
BZ#1647255 CVE-2018-16845 nginx: Denial of service and memory disclosure via mp4 module [fedora-all]
0
0
BZ#1647258 CVE-2018-16844 nginx: Excessive CPU usage via flaw in HTTP/2 implementation [fedora-all]
0
0
BZ#1647259 CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation [fedora-all]
0
0