Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7529
Vulnerability from cvelistv5
Published
2017-07-13 13:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:04:11.898Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { name: "RHSA-2017:2538", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { name: "99534", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99534", }, { name: "1039238", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039238", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2017-7529", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212818", }, { name: "20210921 APPLE-SA-2021-09-20-4 Xcode 13", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "nginx", vendor: "nginx", versions: [ { status: "affected", version: "0.5.6 - 1.13.2", }, ], }, ], datePublic: "2017-07-11T00:00:00", descriptions: [ { lang: "en", value: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-21T23:07:12", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { name: "RHSA-2017:2538", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { name: "99534", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99534", }, { name: "1039238", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039238", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2017-7529", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212818", }, { name: "20210921 APPLE-SA-2021-09-20-4 Xcode 13", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", DATE_PUBLIC: "2017-07-11T00:00:00", ID: "CVE-2017-7529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "nginx", version: { version_data: [ { version_value: "0.5.6 - 1.13.2", }, ], }, }, ], }, vendor_name: "nginx", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-190", }, ], }, ], }, references: { reference_data: [ { name: "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", refsource: "MLIST", url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { name: "RHSA-2017:2538", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { name: "99534", refsource: "BID", url: "http://www.securityfocus.com/bid/99534", }, { name: "1039238", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039238", }, { name: "https://puppet.com/security/cve/cve-2017-7529", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2017-7529", }, { name: "https://support.apple.com/kb/HT212818", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212818", }, { name: "20210921 APPLE-SA-2021-09-20-4 Xcode 13", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2017-7529", datePublished: "2017-07-13T13:00:00Z", dateReserved: "2017-04-05T00:00:00", dateUpdated: "2024-09-16T18:39:56.411Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2017-7529\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-07-13T13:29:00.220\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.\"},{\"lang\":\"es\",\"value\":\"Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente creada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.5.6\",\"versionEndIncluding\":\"1.12.1\",\"matchCriteriaId\":\"D19034A4-1211-4A40-A2D3-2A9F87770081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndIncluding\":\"1.13.2\",\"matchCriteriaId\":\"BA59CB1C-4A69-4593-9D22-9B45FCA70490\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2016.4.7\",\"matchCriteriaId\":\"B7ABD977-A333-473B-806D-32ECD7909B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2017.1.0\",\"versionEndIncluding\":\"2017.1.1\",\"matchCriteriaId\":\"15CC6F3C-8DA8-4CE0-8E9A-057A0F55DEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2017.2.1\",\"versionEndIncluding\":\"2017.2.3\",\"matchCriteriaId\":\"38CBF065-5219-463A-9677-86088D761584\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.0\",\"matchCriteriaId\":\"BB279F6B-EE4C-4885-9CD4-657F6BD2548F\"}]}]}],\"references\":[{\"url\":\"http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/36\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99534\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039238\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2538\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://puppet.com/security/cve/cve-2017-7529\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212818\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://puppet.com/security/cve/cve-2017-7529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
suse-su-2017:2387-1
Vulnerability from csaf_suse
Published
2017-09-07 14:38
Modified
2017-09-07 14:38
Summary
Security update for nginx-1.0
Notes
Title of the patch
Security update for nginx-1.0
Description of the patch
This update for NGINX fixes the following issues:
Security issue fixed:
- CVE-2017-7529: Integer overflow in nginx range filter module leading to memory disclosure. (bsc#1048265)
Patchnames
sleslms13-nginx-1.0-13271,slestso13-nginx-1.0-13271,slewyst13-nginx-1.0-13271
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nginx-1.0", title: "Title of the patch", }, { category: "description", text: "This update for NGINX fixes the following issues:\n\nSecurity issue fixed:\n- CVE-2017-7529: Integer overflow in nginx range filter module leading to memory disclosure. (bsc#1048265)\n", title: "Description of the patch", }, { category: "details", text: "sleslms13-nginx-1.0-13271,slestso13-nginx-1.0-13271,slewyst13-nginx-1.0-13271", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2387-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:2387-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20172387-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:2387-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-September/003192.html", }, { category: "self", summary: "SUSE Bug 1048265", url: "https://bugzilla.suse.com/1048265", }, { category: "self", summary: "SUSE CVE CVE-2017-7529 page", url: "https://www.suse.com/security/cve/CVE-2017-7529/", }, ], title: "Security update for nginx-1.0", tracking: { current_release_date: "2017-09-07T14:38:39Z", generator: { date: "2017-09-07T14:38:39Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:2387-1", initial_release_date: "2017-09-07T14:38:39Z", revision_history: [ { date: "2017-09-07T14:38:39Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "nginx-1.0-1.0.15-0.35.3.1.i586", product: { name: "nginx-1.0-1.0.15-0.35.3.1.i586", product_id: "nginx-1.0-1.0.15-0.35.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "nginx-1.0-1.0.15-0.35.3.1.ia64", product: { name: "nginx-1.0-1.0.15-0.35.3.1.ia64", product_id: "nginx-1.0-1.0.15-0.35.3.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "nginx-1.0-1.0.15-0.35.3.1.ppc64", product: { name: "nginx-1.0-1.0.15-0.35.3.1.ppc64", product_id: "nginx-1.0-1.0.15-0.35.3.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "nginx-1.0-1.0.15-0.35.3.1.s390x", product: { name: "nginx-1.0-1.0.15-0.35.3.1.s390x", product_id: "nginx-1.0-1.0.15-0.35.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "nginx-1.0-1.0.15-0.35.3.1.x86_64", product: { name: "nginx-1.0-1.0.15-0.35.3.1.x86_64", product_id: "nginx-1.0-1.0.15-0.35.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Lifecycle Management Server 1.3", product: { name: "SUSE Lifecycle Management Server 1.3", product_id: "SUSE Lifecycle Management Server 1.3", product_identification_helper: { cpe: "cpe:/a:suse:sle-slms:1.3", }, }, }, { category: "product_name", name: "SUSE Studio Onsite 1.3", product: { name: "SUSE Studio Onsite 1.3", product_id: "SUSE Studio Onsite 1.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-studioonsite:1.3", }, }, }, { category: "product_name", name: "SUSE WebYast 1.3", product: { name: "SUSE WebYast 1.3", product_id: "SUSE WebYast 1.3", product_identification_helper: { cpe: "cpe:/o:suse:webyast:1.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nginx-1.0-1.0.15-0.35.3.1.x86_64 as component of SUSE Lifecycle Management Server 1.3", product_id: "SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", }, product_reference: "nginx-1.0-1.0.15-0.35.3.1.x86_64", relates_to_product_reference: "SUSE Lifecycle Management Server 1.3", }, { category: "default_component_of", full_product_name: { name: "nginx-1.0-1.0.15-0.35.3.1.x86_64 as component of SUSE Studio Onsite 1.3", product_id: "SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", }, product_reference: "nginx-1.0-1.0.15-0.35.3.1.x86_64", relates_to_product_reference: "SUSE Studio Onsite 1.3", }, { category: "default_component_of", full_product_name: { name: "nginx-1.0-1.0.15-0.35.3.1.i586 as component of SUSE WebYast 1.3", product_id: "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586", }, product_reference: "nginx-1.0-1.0.15-0.35.3.1.i586", relates_to_product_reference: "SUSE WebYast 1.3", }, { category: "default_component_of", full_product_name: { name: "nginx-1.0-1.0.15-0.35.3.1.ia64 as component of SUSE WebYast 1.3", product_id: "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64", }, product_reference: "nginx-1.0-1.0.15-0.35.3.1.ia64", relates_to_product_reference: "SUSE WebYast 1.3", }, { category: "default_component_of", full_product_name: { name: "nginx-1.0-1.0.15-0.35.3.1.ppc64 as component of SUSE WebYast 1.3", product_id: "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64", }, product_reference: "nginx-1.0-1.0.15-0.35.3.1.ppc64", relates_to_product_reference: "SUSE WebYast 1.3", }, { category: "default_component_of", full_product_name: { name: "nginx-1.0-1.0.15-0.35.3.1.s390x as component of SUSE WebYast 1.3", product_id: "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x", }, product_reference: "nginx-1.0-1.0.15-0.35.3.1.s390x", relates_to_product_reference: "SUSE WebYast 1.3", }, { category: "default_component_of", full_product_name: { name: "nginx-1.0-1.0.15-0.35.3.1.x86_64 as component of SUSE WebYast 1.3", product_id: "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", }, product_reference: "nginx-1.0-1.0.15-0.35.3.1.x86_64", relates_to_product_reference: "SUSE WebYast 1.3", }, ], }, vulnerabilities: [ { cve: "CVE-2017-7529", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7529", }, ], notes: [ { category: "general", text: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", "SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7529", url: "https://www.suse.com/security/cve/CVE-2017-7529", }, { category: "external", summary: "SUSE Bug 1048265 for CVE-2017-7529", url: "https://bugzilla.suse.com/1048265", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", "SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Lifecycle Management Server 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", "SUSE Studio Onsite 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.i586", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ia64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.ppc64", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.s390x", "SUSE WebYast 1.3:nginx-1.0-1.0.15-0.35.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-09-07T14:38:39Z", details: "important", }, ], title: "CVE-2017-7529", }, ], }
rhsa-2017_2538
Vulnerability from csaf_redhat
Published
2017-08-28 21:59
Modified
2024-11-14 23:37
Summary
Red Hat Security Advisory: rh-nginx110-nginx security update
Notes
Topic
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.
Security Fix(es):
* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for rh-nginx110-nginx is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.\n\nSecurity Fix(es):\n\n* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:2538", url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "1468584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2538.json", }, ], title: "Red Hat Security Advisory: rh-nginx110-nginx security update", tracking: { current_release_date: "2024-11-14T23:37:15+00:00", generator: { date: "2024-11-14T23:37:15+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:2538", initial_release_date: "2017-08-28T21:59:32+00:00", revision_history: [ { date: "2017-08-28T21:59:32+00:00", number: "1", summary: "Initial version", }, { date: "2017-08-28T21:59:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T23:37:15+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, ], category: "product_family", name: "Red Hat Software Collections", }, { branches: [ { category: "product_version", name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product_id: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product_id: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Nginx project", ], }, ], cve: "CVE-2017-7529", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1468584", }, ], notes: [ { category: "description", text: "A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.", title: "Vulnerability description", }, { category: "summary", text: "nginx: Integer overflow in nginx range filter module leading to memory disclosure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7529", }, { category: "external", summary: "RHBZ#1468584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7529", url: "https://www.cve.org/CVERecord?id=CVE-2017-7529", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", }, { category: "external", summary: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, ], release_date: "2017-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-08-28T21:59:32+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2538", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nginx: Integer overflow in nginx range filter module leading to memory disclosure", }, ], }
rhsa-2017:2538
Vulnerability from csaf_redhat
Published
2017-08-28 21:59
Modified
2024-11-14 23:37
Summary
Red Hat Security Advisory: rh-nginx110-nginx security update
Notes
Topic
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.
Security Fix(es):
* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for rh-nginx110-nginx is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.\n\nSecurity Fix(es):\n\n* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:2538", url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "1468584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2538.json", }, ], title: "Red Hat Security Advisory: rh-nginx110-nginx security update", tracking: { current_release_date: "2024-11-14T23:37:15+00:00", generator: { date: "2024-11-14T23:37:15+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:2538", initial_release_date: "2017-08-28T21:59:32+00:00", revision_history: [ { date: "2017-08-28T21:59:32+00:00", number: "1", summary: "Initial version", }, { date: "2017-08-28T21:59:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T23:37:15+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, ], category: "product_family", name: "Red Hat Software Collections", }, { branches: [ { category: "product_version", name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product_id: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product_id: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Nginx project", ], }, ], cve: "CVE-2017-7529", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1468584", }, ], notes: [ { category: "description", text: "A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.", title: "Vulnerability description", }, { category: "summary", text: "nginx: Integer overflow in nginx range filter module leading to memory disclosure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7529", }, { category: "external", summary: "RHBZ#1468584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7529", url: "https://www.cve.org/CVERecord?id=CVE-2017-7529", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", }, { category: "external", summary: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, ], release_date: "2017-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-08-28T21:59:32+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2538", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nginx: Integer overflow in nginx range filter module leading to memory disclosure", }, ], }
RHSA-2017:2538
Vulnerability from csaf_redhat
Published
2017-08-28 21:59
Modified
2024-11-14 23:37
Summary
Red Hat Security Advisory: rh-nginx110-nginx security update
Notes
Topic
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.
Security Fix(es):
* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for rh-nginx110-nginx is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.\n\nSecurity Fix(es):\n\n* A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:2538", url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "1468584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2538.json", }, ], title: "Red Hat Security Advisory: rh-nginx110-nginx security update", tracking: { current_release_date: "2024-11-14T23:37:15+00:00", generator: { date: "2024-11-14T23:37:15+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:2538", initial_release_date: "2017-08-28T21:59:32+00:00", revision_history: [ { date: "2017-08-28T21:59:32+00:00", number: "1", summary: "Initial version", }, { date: "2017-08-28T21:59:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-14T23:37:15+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el6", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, { category: "product_name", name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product: { name: "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_software_collections:2::el7", }, }, }, ], category: "product_family", name: "Red Hat Software Collections", }, { branches: [ { category: "product_version", name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product_id: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-debuginfo@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-perl@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-stream@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-xslt-filter@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-mail@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product_id: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx-mod-http-image-filter@1.10.2-8.el7?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product_id: "rh-nginx110-nginx-1:1.10.2-8.el6.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el6?arch=src&epoch=1", }, }, }, { category: "product_version", name: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product_id: "rh-nginx110-nginx-1:1.10.2-8.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/rh-nginx110-nginx@1.10.2-8.el7?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", product_id: "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4-6.7.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", product_id: "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.src", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", relates_to_product_reference: "6Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", product_id: "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", product_id: "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Server-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.src", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, { category: "default_component_of", full_product_name: { name: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", }, product_reference: "rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", relates_to_product_reference: "7Workstation-RHSCL-2.4", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Nginx project", ], }, ], cve: "CVE-2017-7529", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1468584", }, ], notes: [ { category: "description", text: "A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.", title: "Vulnerability description", }, { category: "summary", text: "nginx: Integer overflow in nginx range filter module leading to memory disclosure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7529", }, { category: "external", summary: "RHBZ#1468584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7529", url: "https://www.cve.org/CVERecord?id=CVE-2017-7529", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", }, { category: "external", summary: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, ], release_date: "2017-07-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-08-28T21:59:32+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:2538", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4-6.7.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.src", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el6.x86_64", "6Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el6.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4-7.3.Z:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Server-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Server-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.src", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-debuginfo-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-image-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-perl-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-http-xslt-filter-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-mail-1:1.10.2-8.el7.x86_64", "7Workstation-RHSCL-2.4:rh-nginx110-nginx-mod-stream-1:1.10.2-8.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nginx: Integer overflow in nginx range filter module leading to memory disclosure", }, ], }
opensuse-su-2024:11092-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
nginx-1.21.3-1.4 on GA media
Notes
Title of the patch
nginx-1.21.3-1.4 on GA media
Description of the patch
These are all security issues fixed in the nginx-1.21.3-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11092
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "nginx-1.21.3-1.4 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the nginx-1.21.3-1.4 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11092", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11092-1.json", }, { category: "self", summary: "SUSE CVE CVE-2017-7529 page", url: "https://www.suse.com/security/cve/CVE-2017-7529/", }, { category: "self", summary: "SUSE CVE CVE-2018-16843 page", url: "https://www.suse.com/security/cve/CVE-2018-16843/", }, { category: "self", summary: "SUSE CVE CVE-2018-16845 page", url: "https://www.suse.com/security/cve/CVE-2018-16845/", }, { category: "self", summary: "SUSE CVE CVE-2019-20372 page", url: "https://www.suse.com/security/cve/CVE-2019-20372/", }, { category: "self", summary: "SUSE CVE CVE-2019-9511 page", url: "https://www.suse.com/security/cve/CVE-2019-9511/", }, { category: "self", summary: "SUSE CVE CVE-2019-9516 page", url: "https://www.suse.com/security/cve/CVE-2019-9516/", }, { category: "self", summary: "SUSE CVE CVE-2021-23017 page", url: "https://www.suse.com/security/cve/CVE-2021-23017/", }, ], title: "nginx-1.21.3-1.4 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11092-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "nginx-1.21.3-1.4.aarch64", product: { name: "nginx-1.21.3-1.4.aarch64", product_id: "nginx-1.21.3-1.4.aarch64", }, }, { category: "product_version", name: "nginx-source-1.21.3-1.4.aarch64", product: { name: "nginx-source-1.21.3-1.4.aarch64", product_id: "nginx-source-1.21.3-1.4.aarch64", }, }, { category: "product_version", name: "vim-plugin-nginx-1.21.3-1.4.aarch64", product: { name: "vim-plugin-nginx-1.21.3-1.4.aarch64", product_id: "vim-plugin-nginx-1.21.3-1.4.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "nginx-1.21.3-1.4.ppc64le", product: { name: "nginx-1.21.3-1.4.ppc64le", product_id: "nginx-1.21.3-1.4.ppc64le", }, }, { category: "product_version", name: "nginx-source-1.21.3-1.4.ppc64le", product: { name: "nginx-source-1.21.3-1.4.ppc64le", product_id: "nginx-source-1.21.3-1.4.ppc64le", }, }, { category: "product_version", name: "vim-plugin-nginx-1.21.3-1.4.ppc64le", product: { name: "vim-plugin-nginx-1.21.3-1.4.ppc64le", product_id: "vim-plugin-nginx-1.21.3-1.4.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "nginx-1.21.3-1.4.s390x", product: { name: "nginx-1.21.3-1.4.s390x", product_id: "nginx-1.21.3-1.4.s390x", }, }, { category: "product_version", name: "nginx-source-1.21.3-1.4.s390x", product: { name: "nginx-source-1.21.3-1.4.s390x", product_id: "nginx-source-1.21.3-1.4.s390x", }, }, { category: "product_version", name: "vim-plugin-nginx-1.21.3-1.4.s390x", product: { name: "vim-plugin-nginx-1.21.3-1.4.s390x", product_id: "vim-plugin-nginx-1.21.3-1.4.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "nginx-1.21.3-1.4.x86_64", product: { name: "nginx-1.21.3-1.4.x86_64", product_id: "nginx-1.21.3-1.4.x86_64", }, }, { category: "product_version", name: "nginx-source-1.21.3-1.4.x86_64", product: { name: "nginx-source-1.21.3-1.4.x86_64", product_id: "nginx-source-1.21.3-1.4.x86_64", }, }, { category: "product_version", name: "vim-plugin-nginx-1.21.3-1.4.x86_64", product: { name: "vim-plugin-nginx-1.21.3-1.4.x86_64", product_id: "vim-plugin-nginx-1.21.3-1.4.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nginx-1.21.3-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", }, product_reference: "nginx-1.21.3-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nginx-1.21.3-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", }, product_reference: "nginx-1.21.3-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nginx-1.21.3-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", }, product_reference: "nginx-1.21.3-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nginx-1.21.3-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", }, product_reference: "nginx-1.21.3-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nginx-source-1.21.3-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", }, product_reference: "nginx-source-1.21.3-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nginx-source-1.21.3-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", }, product_reference: "nginx-source-1.21.3-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nginx-source-1.21.3-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", }, product_reference: "nginx-source-1.21.3-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nginx-source-1.21.3-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", }, product_reference: "nginx-source-1.21.3-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-plugin-nginx-1.21.3-1.4.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", }, product_reference: "vim-plugin-nginx-1.21.3-1.4.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-plugin-nginx-1.21.3-1.4.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", }, product_reference: "vim-plugin-nginx-1.21.3-1.4.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-plugin-nginx-1.21.3-1.4.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", }, product_reference: "vim-plugin-nginx-1.21.3-1.4.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vim-plugin-nginx-1.21.3-1.4.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", }, product_reference: "vim-plugin-nginx-1.21.3-1.4.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2017-7529", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7529", }, ], notes: [ { category: "general", text: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7529", url: "https://www.suse.com/security/cve/CVE-2017-7529", }, { category: "external", summary: "SUSE Bug 1048265 for CVE-2017-7529", url: "https://bugzilla.suse.com/1048265", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-7529", }, { cve: "CVE-2018-16843", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16843", }, ], notes: [ { category: "general", text: "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16843", url: "https://www.suse.com/security/cve/CVE-2018-16843", }, { category: "external", summary: "SUSE Bug 1115022 for CVE-2018-16843", url: "https://bugzilla.suse.com/1115022", }, { category: "external", summary: "SUSE Bug 1115025 for CVE-2018-16843", url: "https://bugzilla.suse.com/1115025", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16843", }, { cve: "CVE-2018-16845", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16845", }, ], notes: [ { category: "general", text: "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16845", url: "https://www.suse.com/security/cve/CVE-2018-16845", }, { category: "external", summary: "SUSE Bug 1115015 for CVE-2018-16845", url: "https://bugzilla.suse.com/1115015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-16845", }, { cve: "CVE-2019-20372", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20372", }, ], notes: [ { category: "general", text: "NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20372", url: "https://www.suse.com/security/cve/CVE-2019-20372", }, { category: "external", summary: "SUSE Bug 1160682 for CVE-2019-20372", url: "https://bugzilla.suse.com/1160682", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-20372", }, { cve: "CVE-2019-9511", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-9511", }, ], notes: [ { category: "general", text: "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-9511", url: "https://www.suse.com/security/cve/CVE-2019-9511", }, { category: "external", summary: "SUSE Bug 1145579 for CVE-2019-9511", url: "https://bugzilla.suse.com/1145579", }, { category: "external", summary: "SUSE Bug 1146091 for CVE-2019-9511", url: "https://bugzilla.suse.com/1146091", }, { category: "external", summary: "SUSE Bug 1146182 for CVE-2019-9511", url: "https://bugzilla.suse.com/1146182", }, { category: "external", summary: "SUSE Bug 1193427 for CVE-2019-9511", url: "https://bugzilla.suse.com/1193427", }, { category: "external", summary: "SUSE Bug 1202787 for CVE-2019-9511", url: "https://bugzilla.suse.com/1202787", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-9511", }, { cve: "CVE-2019-9516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-9516", }, ], notes: [ { category: "general", text: "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-9516", url: "https://www.suse.com/security/cve/CVE-2019-9516", }, { category: "external", summary: "SUSE Bug 1145582 for CVE-2019-9516", url: "https://bugzilla.suse.com/1145582", }, { category: "external", summary: "SUSE Bug 1146090 for CVE-2019-9516", url: "https://bugzilla.suse.com/1146090", }, { category: "external", summary: "SUSE Bug 1193427 for CVE-2019-9516", url: "https://bugzilla.suse.com/1193427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-9516", }, { cve: "CVE-2021-23017", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23017", }, ], notes: [ { category: "general", text: "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23017", url: "https://www.suse.com/security/cve/CVE-2021-23017", }, { category: "external", summary: "SUSE Bug 1186126 for CVE-2021-23017", url: "https://bugzilla.suse.com/1186126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.s390x", "openSUSE Tumbleweed:nginx-source-1.21.3-1.4.x86_64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.aarch64", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.ppc64le", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.s390x", "openSUSE Tumbleweed:vim-plugin-nginx-1.21.3-1.4.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-23017", }, ], }
opensuse-su-2024:11341-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media
Notes
Title of the patch
ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media
Description of the patch
These are all security issues fixed in the ruby2.7-rubygem-passenger-6.0.8-3.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11341
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby2.7-rubygem-passenger-6.0.8-3.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11341", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11341-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2119 page", url: "https://www.suse.com/security/cve/CVE-2013-2119/", }, { category: "self", summary: "SUSE CVE CVE-2013-4547 page", url: "https://www.suse.com/security/cve/CVE-2013-4547/", }, { category: "self", summary: "SUSE CVE CVE-2014-1831 page", url: "https://www.suse.com/security/cve/CVE-2014-1831/", }, { category: "self", summary: "SUSE CVE CVE-2014-1832 page", url: "https://www.suse.com/security/cve/CVE-2014-1832/", }, { category: "self", summary: "SUSE CVE CVE-2015-7519 page", url: "https://www.suse.com/security/cve/CVE-2015-7519/", }, { category: "self", summary: "SUSE CVE CVE-2016-1247 page", url: "https://www.suse.com/security/cve/CVE-2016-1247/", }, { category: "self", summary: "SUSE CVE CVE-2017-7529 page", url: "https://www.suse.com/security/cve/CVE-2017-7529/", }, { category: "self", summary: "SUSE CVE CVE-2018-12026 page", url: "https://www.suse.com/security/cve/CVE-2018-12026/", }, { category: "self", summary: "SUSE CVE CVE-2018-12029 page", url: "https://www.suse.com/security/cve/CVE-2018-12029/", }, ], title: "ruby2.7-rubygem-passenger-6.0.8-3.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11341-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", product: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", product_id: "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", }, }, { category: "product_version", name: "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", product: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", product_id: "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", }, }, { category: "product_version", name: "rubygem-passenger-6.0.8-3.2.aarch64", product: { name: "rubygem-passenger-6.0.8-3.2.aarch64", product_id: "rubygem-passenger-6.0.8-3.2.aarch64", }, }, { category: "product_version", name: "rubygem-passenger-apache2-6.0.8-3.2.aarch64", product: { name: "rubygem-passenger-apache2-6.0.8-3.2.aarch64", product_id: "rubygem-passenger-apache2-6.0.8-3.2.aarch64", }, }, { category: "product_version", name: "rubygem-passenger-nginx-6.0.8-3.2.aarch64", product: { name: "rubygem-passenger-nginx-6.0.8-3.2.aarch64", product_id: "rubygem-passenger-nginx-6.0.8-3.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", product: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", product_id: "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", }, }, { category: "product_version", name: "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", product: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", product_id: "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", }, }, { category: "product_version", name: "rubygem-passenger-6.0.8-3.2.ppc64le", product: { name: "rubygem-passenger-6.0.8-3.2.ppc64le", product_id: "rubygem-passenger-6.0.8-3.2.ppc64le", }, }, { category: "product_version", name: "rubygem-passenger-apache2-6.0.8-3.2.ppc64le", product: { name: "rubygem-passenger-apache2-6.0.8-3.2.ppc64le", product_id: "rubygem-passenger-apache2-6.0.8-3.2.ppc64le", }, }, { category: "product_version", name: "rubygem-passenger-nginx-6.0.8-3.2.ppc64le", product: { name: "rubygem-passenger-nginx-6.0.8-3.2.ppc64le", product_id: "rubygem-passenger-nginx-6.0.8-3.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", product: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", product_id: "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", }, }, { category: "product_version", name: "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", product: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", product_id: "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", }, }, { category: "product_version", name: "rubygem-passenger-6.0.8-3.2.s390x", product: { name: "rubygem-passenger-6.0.8-3.2.s390x", product_id: "rubygem-passenger-6.0.8-3.2.s390x", }, }, { category: "product_version", name: "rubygem-passenger-apache2-6.0.8-3.2.s390x", product: { name: "rubygem-passenger-apache2-6.0.8-3.2.s390x", product_id: "rubygem-passenger-apache2-6.0.8-3.2.s390x", }, }, { category: "product_version", name: "rubygem-passenger-nginx-6.0.8-3.2.s390x", product: { name: "rubygem-passenger-nginx-6.0.8-3.2.s390x", product_id: "rubygem-passenger-nginx-6.0.8-3.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", product: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", product_id: "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", }, }, { category: "product_version", name: "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", product: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", product_id: "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", }, }, { category: "product_version", name: "rubygem-passenger-6.0.8-3.2.x86_64", product: { name: "rubygem-passenger-6.0.8-3.2.x86_64", product_id: "rubygem-passenger-6.0.8-3.2.x86_64", }, }, { category: "product_version", name: "rubygem-passenger-apache2-6.0.8-3.2.x86_64", product: { name: "rubygem-passenger-apache2-6.0.8-3.2.x86_64", product_id: "rubygem-passenger-apache2-6.0.8-3.2.x86_64", }, }, { category: "product_version", name: "rubygem-passenger-nginx-6.0.8-3.2.x86_64", product: { name: "rubygem-passenger-nginx-6.0.8-3.2.x86_64", product_id: "rubygem-passenger-nginx-6.0.8-3.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", }, product_reference: "ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", }, product_reference: "ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", }, product_reference: "ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", }, product_reference: "ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", }, product_reference: "ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", }, product_reference: "ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", }, product_reference: "ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", }, product_reference: "ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", }, product_reference: "rubygem-passenger-6.0.8-3.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", }, product_reference: "rubygem-passenger-6.0.8-3.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-6.0.8-3.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", }, product_reference: "rubygem-passenger-6.0.8-3.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", }, product_reference: "rubygem-passenger-6.0.8-3.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-apache2-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", }, product_reference: "rubygem-passenger-apache2-6.0.8-3.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-apache2-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", }, product_reference: "rubygem-passenger-apache2-6.0.8-3.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-apache2-6.0.8-3.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", }, product_reference: "rubygem-passenger-apache2-6.0.8-3.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-apache2-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", }, product_reference: "rubygem-passenger-apache2-6.0.8-3.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-nginx-6.0.8-3.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", }, product_reference: "rubygem-passenger-nginx-6.0.8-3.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-nginx-6.0.8-3.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", }, product_reference: "rubygem-passenger-nginx-6.0.8-3.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-nginx-6.0.8-3.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", }, product_reference: "rubygem-passenger-nginx-6.0.8-3.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rubygem-passenger-nginx-6.0.8-3.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", }, product_reference: "rubygem-passenger-nginx-6.0.8-3.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2119", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2119", }, ], notes: [ { category: "general", text: "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2119", url: "https://www.suse.com/security/cve/CVE-2013-2119", }, { category: "external", summary: "SUSE Bug 828005 for CVE-2013-2119", url: "https://bugzilla.suse.com/828005", }, { category: "external", summary: "SUSE Bug 919726 for CVE-2013-2119", url: "https://bugzilla.suse.com/919726", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-2119", }, { cve: "CVE-2013-4547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-4547", }, ], notes: [ { category: "general", text: "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-4547", url: "https://www.suse.com/security/cve/CVE-2013-4547", }, { category: "external", summary: "SUSE Bug 851295 for CVE-2013-4547", url: "https://bugzilla.suse.com/851295", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2013-4547", }, { cve: "CVE-2014-1831", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-1831", }, ], notes: [ { category: "general", text: "Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-1831", url: "https://www.suse.com/security/cve/CVE-2014-1831", }, { category: "external", summary: "SUSE Bug 860994 for CVE-2014-1831", url: "https://bugzilla.suse.com/860994", }, { category: "external", summary: "SUSE Bug 864352 for CVE-2014-1831", url: "https://bugzilla.suse.com/864352", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-1831", }, { cve: "CVE-2014-1832", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-1832", }, ], notes: [ { category: "general", text: "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-1832", url: "https://www.suse.com/security/cve/CVE-2014-1832", }, { category: "external", summary: "SUSE Bug 860994 for CVE-2014-1832", url: "https://bugzilla.suse.com/860994", }, { category: "external", summary: "SUSE Bug 864352 for CVE-2014-1832", url: "https://bugzilla.suse.com/864352", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-1832", }, { cve: "CVE-2015-7519", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7519", }, ], notes: [ { category: "general", text: "agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7519", url: "https://www.suse.com/security/cve/CVE-2015-7519", }, { category: "external", summary: "SUSE Bug 956281 for CVE-2015-7519", url: "https://bugzilla.suse.com/956281", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7519", }, { cve: "CVE-2016-1247", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1247", }, ], notes: [ { category: "general", text: "The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1247", url: "https://www.suse.com/security/cve/CVE-2016-1247", }, { category: "external", summary: "SUSE Bug 1007000 for CVE-2016-1247", url: "https://bugzilla.suse.com/1007000", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-1247", }, { cve: "CVE-2017-7529", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7529", }, ], notes: [ { category: "general", text: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-7529", url: "https://www.suse.com/security/cve/CVE-2017-7529", }, { category: "external", summary: "SUSE Bug 1048265 for CVE-2017-7529", url: "https://bugzilla.suse.com/1048265", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-7529", }, { cve: "CVE-2018-12026", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-12026", }, ], notes: [ { category: "general", text: "During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-12026", url: "https://www.suse.com/security/cve/CVE-2018-12026", }, { category: "external", summary: "SUSE Bug 1097655 for CVE-2018-12026", url: "https://bugzilla.suse.com/1097655", }, { category: "external", summary: "SUSE Bug 1097663 for CVE-2018-12026", url: "https://bugzilla.suse.com/1097663", }, { category: "external", summary: "SUSE Bug 1097664 for CVE-2018-12026", url: "https://bugzilla.suse.com/1097664", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2018-12026", }, { cve: "CVE-2018-12029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-12029", }, ], notes: [ { category: "general", text: "A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-12029", url: "https://www.suse.com/security/cve/CVE-2018-12029", }, { category: "external", summary: "SUSE Bug 1097655 for CVE-2018-12029", url: "https://bugzilla.suse.com/1097655", }, { category: "external", summary: "SUSE Bug 1097663 for CVE-2018-12029", url: "https://bugzilla.suse.com/1097663", }, { category: "external", summary: "SUSE Bug 1097664 for CVE-2018-12029", url: "https://bugzilla.suse.com/1097664", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-apache2-6.0.8-3.2.x86_64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.aarch64", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.ppc64le", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.s390x", "openSUSE Tumbleweed:rubygem-passenger-nginx-6.0.8-3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-12029", }, ], }
opensuse-su-2018:0813-1
Vulnerability from csaf_opensuse
Published
2018-03-26 10:15
Modified
2018-03-26 10:15
Summary
Security update for nginx
Notes
Title of the patch
Security update for nginx
Description of the patch
This update for nginx to version 1.13.9 fixes the following issues:
- CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure (bsc#1048265)
This update also contains all updates and improvements in 1.13.9 upstream release.
Patchnames
openSUSE-2018-310
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nginx", title: "Title of the patch", }, { category: "description", text: "This update for nginx to version 1.13.9 fixes the following issues:\n\n- CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure (bsc#1048265)\n\nThis update also contains all updates and improvements in 1.13.9 upstream release.\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2018-310", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_0813-1.json", }, { category: "self", summary: "SUSE Bug 1048265", url: "https://bugzilla.suse.com/1048265", }, { category: "self", summary: "SUSE Bug 1057831", url: "https://bugzilla.suse.com/1057831", }, { category: "self", summary: "SUSE Bug 1059685", url: "https://bugzilla.suse.com/1059685", }, { category: "self", summary: "SUSE CVE CVE-2017-7529 page", url: "https://www.suse.com/security/cve/CVE-2017-7529/", }, ], title: "Security update for nginx", tracking: { current_release_date: "2018-03-26T10:15:33Z", generator: { date: "2018-03-26T10:15:33Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2018:0813-1", initial_release_date: "2018-03-26T10:15:33Z", revision_history: [ { date: "2018-03-26T10:15:33Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "nginx-1.13.9-12.1.aarch64", product: { name: "nginx-1.13.9-12.1.aarch64", product_id: "nginx-1.13.9-12.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "vim-plugin-nginx-1.13.9-12.1.noarch", product: { name: "vim-plugin-nginx-1.13.9-12.1.noarch", product_id: "vim-plugin-nginx-1.13.9-12.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "nginx-1.13.9-12.1.ppc64le", product: { name: "nginx-1.13.9-12.1.ppc64le", product_id: "nginx-1.13.9-12.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "nginx-1.13.9-12.1.s390x", product: { name: "nginx-1.13.9-12.1.s390x", product_id: "nginx-1.13.9-12.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "nginx-1.13.9-12.1.x86_64", product: { name: "nginx-1.13.9-12.1.x86_64", product_id: "nginx-1.13.9-12.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 12", product: { name: "SUSE Package Hub 12", product_id: "SUSE Package Hub 12", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nginx-1.13.9-12.1.aarch64 as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64", }, product_reference: "nginx-1.13.9-12.1.aarch64", relates_to_product_reference: "SUSE Package Hub 12", }, { category: "default_component_of", full_product_name: { name: "nginx-1.13.9-12.1.ppc64le as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le", }, product_reference: "nginx-1.13.9-12.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 12", }, { category: "default_component_of", full_product_name: { name: "nginx-1.13.9-12.1.s390x as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:nginx-1.13.9-12.1.s390x", }, product_reference: "nginx-1.13.9-12.1.s390x", relates_to_product_reference: "SUSE Package Hub 12", }, { category: "default_component_of", full_product_name: { name: "nginx-1.13.9-12.1.x86_64 as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64", }, product_reference: "nginx-1.13.9-12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12", }, { category: "default_component_of", full_product_name: { name: "vim-plugin-nginx-1.13.9-12.1.noarch as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch", }, product_reference: "vim-plugin-nginx-1.13.9-12.1.noarch", relates_to_product_reference: "SUSE Package Hub 12", }, ], }, vulnerabilities: [ { cve: "CVE-2017-7529", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7529", }, ], notes: [ { category: "general", text: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64", "SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le", "SUSE Package Hub 12:nginx-1.13.9-12.1.s390x", "SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64", "SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-7529", url: "https://www.suse.com/security/cve/CVE-2017-7529", }, { category: "external", summary: "SUSE Bug 1048265 for CVE-2017-7529", url: "https://bugzilla.suse.com/1048265", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64", "SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le", "SUSE Package Hub 12:nginx-1.13.9-12.1.s390x", "SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64", "SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12:nginx-1.13.9-12.1.aarch64", "SUSE Package Hub 12:nginx-1.13.9-12.1.ppc64le", "SUSE Package Hub 12:nginx-1.13.9-12.1.s390x", "SUSE Package Hub 12:nginx-1.13.9-12.1.x86_64", "SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1.noarch", ], }, ], threats: [ { category: "impact", date: "2018-03-26T10:15:33Z", details: "important", }, ], title: "CVE-2017-7529", }, ], }
var-201707-1309
Vulnerability from variot
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. nginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules.
For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5.
For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your nginx packages.
Ubuntu Security Notice USN-3352-1 July 13, 2017
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
nginx could be made to expose sensitive information over the network. A remote attacker could use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: nginx-common 1.10.3-1ubuntu3.1 nginx-core 1.10.3-1ubuntu3.1 nginx-extras 1.10.3-1ubuntu3.1 nginx-full 1.10.3-1ubuntu3.1 nginx-light 1.10.3-1ubuntu3.1
Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.3 nginx-core 1.10.1-0ubuntu1.3 nginx-extras 1.10.1-0ubuntu1.3 nginx-full 1.10.1-0ubuntu1.3 nginx-light 1.10.1-0ubuntu1.3
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.2 nginx-core 1.10.3-0ubuntu0.16.04.2 nginx-extras 1.10.3-0ubuntu0.16.04.2 nginx-full 1.10.3-0ubuntu0.16.04.2 nginx-light 1.10.3-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.8 nginx-core 1.4.6-1ubuntu3.8 nginx-extras 1.4.6-1ubuntu3.8 nginx-full 1.4.6-1ubuntu3.8 nginx-light 1.4.6-1ubuntu3.8
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: rh-nginx110-nginx security update Advisory ID: RHSA-2017:2538-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:2538 Issue date: 2017-08-28 CVE Names: CVE-2017-7529 =====================================================================
- Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. (CVE-2017-7529)
Red Hat would like to thank the Nginx project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-nginx110-nginx-1.10.2-8.el6.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx110-nginx-1.10.2-8.el7.src.rpm
x86_64: rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-7529 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT Rf+yBkpEe91OHNNto3rboqM= =rlDh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1309", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nginx", scope: "gte", trust: 1, vendor: "f5", version: "0.5.6", }, { model: "nginx", scope: "gte", trust: 1, vendor: "f5", version: "1.13.0", }, { model: "enterprise", scope: "gte", trust: 1, vendor: "puppet", version: "2017.1.0", }, { model: "enterprise", scope: "gte", trust: 1, vendor: "puppet", version: "2017.2.1", }, { model: "enterprise", scope: "lte", trust: 1, vendor: "puppet", version: "2017.1.1", }, { model: "enterprise", scope: "lte", trust: 1, vendor: "puppet", version: "2017.2.3", }, { model: "enterprise", scope: "lt", trust: 1, vendor: "puppet", version: "2016.4.7", }, { model: "nginx", scope: "lte", trust: 1, vendor: "f5", version: "1.12.1", }, { model: "nginx", scope: "lte", trust: 1, vendor: "f5", version: "1.13.2", }, { model: "xcode", scope: "lt", trust: 1, vendor: "apple", version: "13.0", }, { model: "nginx", scope: "eq", trust: 0.9, vendor: "nginx", version: "1.11.12", }, { model: "nginx", scope: null, trust: 0.8, vendor: "igor sysoev", version: null, }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.11.10", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.13.1", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.11.13", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.11.9", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.13.0", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.11.8", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.13.2", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.11.11", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.11.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.11.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.10.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.10.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.8.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.7.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.6.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.16", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.14", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.2.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.18", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.17", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.9.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.8.55", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.8.36", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.7.69", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.6.39", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.6.18", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "0.5.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.6.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.6.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.4", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.4", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.2.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.4", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.19", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.16", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.14", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.4", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.14", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.0", }, { model: "nginx", scope: "ne", trust: 0.3, vendor: "nginx", version: "1.13.3", }, { model: "nginx", scope: "ne", trust: 0.3, vendor: "nginx", version: "1.12.1", }, ], sources: [ { db: "BID", id: "99534", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "CNNVD", id: "CNNVD-201707-563", }, { db: "NVD", id: "CVE-2017-7529", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:igor_sysoev:nginx", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-006088", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "99534", }, ], trust: 0.3, }, cve: "CVE-2017-7529", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2017-7529", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-115732", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2017-7529", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-7529", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-7529", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2017-7529", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201707-563", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-115732", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2017-7529", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-115732", }, { db: "VULMON", id: "CVE-2017-7529", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "CNNVD", id: "CNNVD-201707-563", }, { db: "NVD", id: "CVE-2017-7529", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. nginx is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to obtain sensitive information or may crash the application resulting in a denial-of-service condition. \nnginx 0.5.6 through 1.13.2 are vulnerable. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The range filter module is one of the range filter modules. \n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.2-5+deb8u5. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.10.3-1+deb9u1. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your nginx packages. \n==========================================================================\nUbuntu Security Notice USN-3352-1\nJuly 13, 2017\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nnginx could be made to expose sensitive information over the network. A remote attacker could use this to expose\nsensitive information. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n nginx-common 1.10.3-1ubuntu3.1\n nginx-core 1.10.3-1ubuntu3.1\n nginx-extras 1.10.3-1ubuntu3.1\n nginx-full 1.10.3-1ubuntu3.1\n nginx-light 1.10.3-1ubuntu3.1\n\nUbuntu 16.10:\n nginx-common 1.10.1-0ubuntu1.3\n nginx-core 1.10.1-0ubuntu1.3\n nginx-extras 1.10.1-0ubuntu1.3\n nginx-full 1.10.1-0ubuntu1.3\n nginx-light 1.10.1-0ubuntu1.3\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.2\n nginx-core 1.10.3-0ubuntu0.16.04.2\n nginx-extras 1.10.3-0ubuntu0.16.04.2\n nginx-full 1.10.3-0ubuntu0.16.04.2\n nginx-light 1.10.3-0ubuntu0.16.04.2\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.8\n nginx-core 1.4.6-1ubuntu3.8\n nginx-extras 1.4.6-1ubuntu3.8\n nginx-full 1.4.6-1ubuntu3.8\n nginx-light 1.4.6-1ubuntu3.8\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: rh-nginx110-nginx security update\nAdvisory ID: RHSA-2017:2538-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2538\nIssue date: 2017-08-28\nCVE Names: CVE-2017-7529 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and\nlow memory usage. A remote attacker could possibly\nexploit this flaw to disclose parts of the cache file header, or, if used\nin combination with third party modules, disclose potentially sensitive\nmemory by sending specially crafted HTTP requests. (CVE-2017-7529)\n\nRed Hat would like to thank the Nginx project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el6.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-8.el7.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7529\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT\nRf+yBkpEe91OHNNto3rboqM=\n=rlDh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", sources: [ { db: "NVD", id: "CVE-2017-7529", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "BID", id: "99534", }, { db: "VULHUB", id: "VHN-115732", }, { db: "VULMON", id: "CVE-2017-7529", }, { db: "PACKETSTORM", id: "143348", }, { db: "PACKETSTORM", id: "143347", }, { db: "PACKETSTORM", id: "143935", }, { db: "PACKETSTORM", id: "164240", }, ], trust: 2.43, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-115732", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-115732", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-7529", trust: 3.3, }, { db: "BID", id: "99534", trust: 2, }, { db: "SECTRACK", id: "1039238", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2017-006088", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201707-563", trust: 0.7, }, { db: "PACKETSTORM", id: "164240", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2021.3157", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1701", trust: 0.6, }, { db: "PACKETSTORM", id: "143935", trust: 0.2, }, { db: "PACKETSTORM", id: "143348", trust: 0.2, }, { db: "PACKETSTORM", id: "143347", trust: 0.2, }, { db: "SEEBUG", id: "SSVID-96273", trust: 0.1, }, { db: "VULHUB", id: "VHN-115732", trust: 0.1, }, { db: "VULMON", id: "CVE-2017-7529", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-115732", }, { db: "VULMON", id: "CVE-2017-7529", }, { db: "BID", id: "99534", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "PACKETSTORM", id: "143348", }, { db: "PACKETSTORM", id: "143347", }, { db: "PACKETSTORM", id: "143935", }, { db: "PACKETSTORM", id: "164240", }, { db: "CNNVD", id: "CNNVD-201707-563", }, { db: "NVD", id: "CVE-2017-7529", }, ], }, id: "VAR-201707-1309", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-115732", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:11:28.512000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "CVE-2017-7529", trust: 0.8, url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { title: "Nginx range filter Fixes for module digital error vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=71698", }, { title: "Ubuntu Security Notice: nginx vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3352-1", }, { title: "Debian Security Advisories: DSA-3908-1 nginx -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=704f48ff7bd09792912d23527ab54543", }, { title: "Debian CVElist Bug Report Logs: nginx: CVE-2017-7529 Integer overflow in the range filter", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a0f173670cb05b0faed5127f8a0445b1", }, { title: "Amazon Linux AMI: ALAS-2017-894", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-894", }, { title: "Red Hat: CVE-2017-7529", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-7529", }, { title: "Arch Linux Advisories: [ASA-201707-12] nginx-mainline: information disclosure", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-12", }, { title: "Arch Linux Advisories: [ASA-201707-11] nginx: information disclosure", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201707-11", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-7529", }, { title: "nginxpwner", trust: 0.1, url: "https://github.com/stark0de/nginxpwner ", }, { title: "cve-2017-7529", trust: 0.1, url: "https://github.com/cved-sources/cve-2017-7529 ", }, { title: "nginx-CVE-2017-7529", trust: 0.1, url: "https://github.com/cyberharsh/nginx-CVE-2017-7529 ", }, ], sources: [ { db: "VULMON", id: "CVE-2017-7529", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "CNNVD", id: "CNNVD-201707-563", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-190", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-115732", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "NVD", id: "CVE-2017-7529", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { trust: 1.8, url: "https://access.redhat.com/errata/rhsa-2017:2538", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/99534", }, { trust: 1.7, url: "https://puppet.com/security/cve/cve-2017-7529", }, { trust: 1.7, url: "https://support.apple.com/kb/ht212818", }, { trust: 1.7, url: "http://seclists.org/fulldisclosure/2021/sep/36", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1039238", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7529", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7529", }, { trust: 0.6, url: "https://support.apple.com/en-us/ht212818", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3157", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1701/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html", }, { trust: 0.3, url: "http://nginx.org/", }, { trust: 0.3, url: "http://nginx.org/#2017-07-11", }, { trust: 0.3, url: "http://nginx.org/en/security_advisories.html", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://www.ubuntu.com/usn/usn-3352-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#low", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-7529", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20372", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-16843", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-16845", }, { trust: 0.1, url: "https://developer.apple.com/xcode/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-16844", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0746", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0747", }, { trust: 0.1, url: "https://support.apple.com/ht212818.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0742", }, ], sources: [ { db: "VULHUB", id: "VHN-115732", }, { db: "BID", id: "99534", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "PACKETSTORM", id: "143348", }, { db: "PACKETSTORM", id: "143347", }, { db: "PACKETSTORM", id: "143935", }, { db: "PACKETSTORM", id: "164240", }, { db: "CNNVD", id: "CNNVD-201707-563", }, { db: "NVD", id: "CVE-2017-7529", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-115732", }, { db: "VULMON", id: "CVE-2017-7529", }, { db: "BID", id: "99534", }, { db: "JVNDB", id: "JVNDB-2017-006088", }, { db: "PACKETSTORM", id: "143348", }, { db: "PACKETSTORM", id: "143347", }, { db: "PACKETSTORM", id: "143935", }, { db: "PACKETSTORM", id: "164240", }, { db: "CNNVD", id: "CNNVD-201707-563", }, { db: "NVD", id: "CVE-2017-7529", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-13T00:00:00", db: "VULHUB", id: "VHN-115732", }, { date: "2017-07-13T00:00:00", db: "VULMON", id: "CVE-2017-7529", }, { date: "2017-07-11T00:00:00", db: "BID", id: "99534", }, { date: "2017-08-17T00:00:00", db: "JVNDB", id: "JVNDB-2017-006088", }, { date: "2017-07-14T02:16:01", db: "PACKETSTORM", id: "143348", }, { date: "2017-07-14T02:15:51", db: "PACKETSTORM", id: "143347", }, { date: "2017-08-28T21:24:00", db: "PACKETSTORM", id: "143935", }, { date: "2021-09-22T16:28:58", db: "PACKETSTORM", id: "164240", }, { date: "2017-07-13T00:00:00", db: "CNNVD", id: "CNNVD-201707-563", }, { date: "2017-07-13T13:29:00.220000", db: "NVD", id: "CVE-2017-7529", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-10T00:00:00", db: "VULHUB", id: "VHN-115732", }, { date: "2022-01-24T00:00:00", db: "VULMON", id: "CVE-2017-7529", }, { date: "2017-07-11T00:00:00", db: "BID", id: "99534", }, { date: "2017-08-17T00:00:00", db: "JVNDB", id: "JVNDB-2017-006088", }, { date: "2023-05-15T00:00:00", db: "CNNVD", id: "CNNVD-201707-563", }, { date: "2024-11-21T03:32:05.337000", db: "NVD", id: "CVE-2017-7529", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "143347", }, { db: "PACKETSTORM", id: "143935", }, { db: "CNNVD", id: "CNNVD-201707-563", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Nginx of range filter Module integer overflow vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-006088", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201707-563", }, ], trust: 0.6, }, }
gsd-2017-7529
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
Aliases
Aliases
{ GSD: { alias: "CVE-2017-7529", description: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", id: "GSD-2017-7529", references: [ "https://www.suse.com/security/cve/CVE-2017-7529.html", "https://www.debian.org/security/2017/dsa-3908", "https://access.redhat.com/errata/RHSA-2017:2538", "https://ubuntu.com/security/CVE-2017-7529", "https://advisories.mageia.org/CVE-2017-7529.html", "https://security.archlinux.org/CVE-2017-7529", "https://alas.aws.amazon.com/cve/html/CVE-2017-7529.html", "https://linux.oracle.com/cve/CVE-2017-7529.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2017-7529", ], details: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", id: "GSD-2017-7529", modified: "2023-12-13T01:21:06.911859Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", DATE_PUBLIC: "2017-07-11T00:00:00", ID: "CVE-2017-7529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "nginx", version: { version_data: [ { version_value: "0.5.6 - 1.13.2", }, ], }, }, ], }, vendor_name: "nginx", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-190", }, ], }, ], }, references: { reference_data: [ { name: "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", refsource: "MLIST", url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { name: "RHSA-2017:2538", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { name: "99534", refsource: "BID", url: "http://www.securityfocus.com/bid/99534", }, { name: "1039238", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039238", }, { name: "https://puppet.com/security/cve/cve-2017-7529", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2017-7529", }, { name: "https://support.apple.com/kb/HT212818", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212818", }, { name: "20210921 APPLE-SA-2021-09-20-4 Xcode 13", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12.1", versionStartIncluding: "0.5.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.13.2", versionStartIncluding: "1.13.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2017.1.1", versionStartIncluding: "2017.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2017.2.3", versionStartIncluding: "2017.2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2016.4.7", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2017-7529", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-190", }, ], }, ], }, references: { reference_data: [ { name: "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", refsource: "MLIST", tags: [ "Vendor Advisory", ], url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { name: "99534", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99534", }, { name: "1039238", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039238", }, { name: "https://puppet.com/security/cve/cve-2017-7529", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://puppet.com/security/cve/cve-2017-7529", }, { name: "RHSA-2017:2538", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { name: "https://support.apple.com/kb/HT212818", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212818", }, { name: "20210921 APPLE-SA-2021-09-20-4 Xcode 13", refsource: "FULLDISC", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2022-01-24T16:46Z", publishedDate: "2017-07-13T13:29Z", }, }, }
ghsa-85mj-h68w-w736
Vulnerability from github
Published
2022-05-13 01:04
Modified
2022-05-13 01:04
Severity ?
Details
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
{ affected: [], aliases: [ "CVE-2017-7529", ], database_specific: { cwe_ids: [ "CWE-190", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-07-13T13:29:00Z", severity: "HIGH", }, details: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", id: "GHSA-85mj-h68w-w736", modified: "2022-05-13T01:04:15Z", published: "2022-05-13T01:04:15Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { type: "WEB", url: "https://puppet.com/security/cve/cve-2017-7529", }, { type: "WEB", url: "https://support.apple.com/kb/HT212818", }, { type: "WEB", url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { type: "WEB", url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, { type: "WEB", url: "http://www.securityfocus.com/bid/99534", }, { type: "WEB", url: "http://www.securitytracker.com/id/1039238", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", type: "CVSS_V3", }, ], }
fkie_cve-2017-7529
Vulnerability from fkie_nvd
Published
2017-07-13 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | nginx | * | |
| f5 | nginx | * | |
| puppet | puppet_enterprise | * | |
| puppet | puppet_enterprise | * | |
| puppet | puppet_enterprise | * | |
| apple | xcode | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "D19034A4-1211-4A40-A2D3-2A9F87770081", versionEndIncluding: "1.12.1", versionStartIncluding: "0.5.6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "BA59CB1C-4A69-4593-9D22-9B45FCA70490", versionEndIncluding: "1.13.2", versionStartIncluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "B7ABD977-A333-473B-806D-32ECD7909B35", versionEndExcluding: "2016.4.7", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "15CC6F3C-8DA8-4CE0-8E9A-057A0F55DEE4", versionEndIncluding: "2017.1.1", versionStartIncluding: "2017.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "38CBF065-5219-463A-9677-86088D761584", versionEndIncluding: "2017.2.3", versionStartIncluding: "2017.2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", matchCriteriaId: "BB279F6B-EE4C-4885-9CD4-657F6BD2548F", versionEndExcluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.", }, { lang: "es", value: "Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente creada.", }, ], id: "CVE-2017-7529", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-13T13:29:00.220", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99534", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039238", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://puppet.com/security/cve/cve-2017-7529", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Sep/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99534", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039238", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2538", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://puppet.com/security/cve/cve-2017-7529", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212818", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.