[SECURITY] Fedora 29 Update: nginx-1.16.1-1.fc29

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-7a0b45fdc4 2019-09-04 04:05:05.596756 -------------------------------------------------------------------------------- Name : nginx Product : Fedora 29 Version : 1.16.1 Release : 1.fc29 URL : http://nginx.org/ Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 13 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org&gt; - 1:1.16.1-1 - Update to upstream release 1.16.1 - Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 * Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1:1.16.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu May 30 2019 Jitka Plesnikova <jplesnik(a)redhat.com&gt; - 1:1.16.0-4 - Perl 5.30 rebuild * Tue May 14 2019 Stephen Gallagher <sgallagh(a)redhat.com&gt; - 1.16.0-3 - Move to common default index.html - Resolves: rhbz#1636235 * Tue May 7 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org&gt; - 1:1.16.0-2 - Add missing directory for vim plugin * Fri Apr 26 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org&gt; - 1:1.16.0-1 - Update to upstream release 1.16.0 * Mon Mar 4 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org&gt; - 1:1.15.9-1 - Update to upstream release 1.15.9 - Enable ngx_stream_ssl_preread module - Remove redundant conditionals * Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1:1.14.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org&gt; - 1:1.14.1-4 - Rebuilt for libcrypt.so.2 (#1666033) * Tue Dec 11 2018 Joe Orton <jorton(a)redhat.com&gt; - 1:1.14.1-3 - fix unexpanded paths in nginx(8) * Tue Nov 20 2018 Lubo�� Uhliarik <luhliari(a)redhat.com&gt; - 1:1.14.1-2 - new version 1.14.1 - Resolves: #1584426 - Upstream Nginx 1.14.0 is now available - Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory disclosure via mp4 module - Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation - Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw in HTTP/2 implementation -------------------------------------------------------------------------------- References: [ 1 ] Bug #1742381 - CVE-2019-9516 nginx: HTTP/2: 0-length headers leads to denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1742381 [ 2 ] Bug #1742375 - CVE-2019-9511 nginx: HTTP/2: large amount of data request leads to denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1742375 [ 3 ] Bug #1742294 - CVE-2019-9513 nginx: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1742294 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-7a0b45fdc4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------