--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-7a0b45fdc4
2019-09-04 04:05:05.596756
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 29
Version : 1.16.1
Release : 1.fc29
URL :
http://nginx.org/
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 13 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1:1.16.1-1
- Update to upstream release 1.16.1
- Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.16.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Jitka Plesnikova <jplesnik(a)redhat.com> - 1:1.16.0-4
- Perl 5.30 rebuild
* Tue May 14 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 1.16.0-3
- Move to common default index.html
- Resolves: rhbz#1636235
* Tue May 7 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1:1.16.0-2
- Add missing directory for vim plugin
* Fri Apr 26 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1:1.16.0-1
- Update to upstream release 1.16.0
* Mon Mar 4 2019 Jamie Nguyen <jamielinux(a)fedoraproject.org> - 1:1.15.9-1
- Update to upstream release 1.15.9
- Enable ngx_stream_ssl_preread module
- Remove redundant conditionals
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.14.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 1:1.14.1-4
- Rebuilt for libcrypt.so.2 (#1666033)
* Tue Dec 11 2018 Joe Orton <jorton(a)redhat.com> - 1:1.14.1-3
- fix unexpanded paths in nginx(8)
* Tue Nov 20 2018 Lubo�� Uhliarik <luhliari(a)redhat.com> - 1:1.14.1-2
- new version 1.14.1
- Resolves: #1584426 - Upstream Nginx 1.14.0 is now available
- Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory
disclosure via mp4 module
- Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption
via flaw in HTTP/2 implementation
- Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw
in HTTP/2 implementation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742381 - CVE-2019-9516 nginx: HTTP/2: 0-length headers leads to denial of
service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1742381
[ 2 ] Bug #1742375 - CVE-2019-9511 nginx: HTTP/2: large amount of data request leads to
denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1742375
[ 3 ] Bug #1742294 - CVE-2019-9513 nginx: HTTP/2: flood using PRIORITY frames resulting
in excessive resource consumption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1742294
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-7a0b45fdc4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------