rh-nginx114-nginx-1.14.1-1.1.0.1.el7.AXS7, rh-nginx114-1.14-6.el7
Errata ID: AXSA:2021-1753:01
Nginx is a web and proxy server with a focus on high concurrency, performance,
and low memory usage.
This enhancement update adds the rh-nginx114 packages to Asianux Software
Collections.
Security Fix(es):
* HTTP/2: large amount of data request leads to denial of service
(CVE-2019-9511)
* HTTP/2: flood using PRIORITY frames resulting in excessive resource
consumption (CVE-2019-9513)
* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and
stream prioritization manipulation, potentially leading to a denial of service.
The attacker requests a large amount of data from a specified resource over
multiple streams. They manipulate window size and stream priority to force the
server to queue the data in 1-byte chunks. Depending on how efficiently this
data is queued, this can consume excess CPU, memory, or both.
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially
leading to a denial of service. The attacker creates multiple request streams
and continually shuffles the priority of the streams in a way that causes
substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading
to a denial of service. The attacker sends a stream of headers with a 0-length
header name and 0-length header value, optionally Huffman encoded into 1-byte or
greater headers. Some implementations allocate memory for these headers and keep
the allocation alive until the session dies. This can consume excess memory.
Update packages.
N/A
SRPMS
- rh-nginx114-nginx-1.14.1-1.1.0.1.el7.AXS7.src.rpm
MD5: 4c8f6202ff3905c380f4a3f9fe8f792e
SHA-256: 02ac1e48e2dcc4167aa7ad80422519aef3e1fe3b36a3465444be76d723c055af
Size: 1.01 MB
- rh-nginx114-1.14-6.el7.src.rpm
MD5: 6a8a733966f0724705addc56f9dabe30
SHA-256: e4d355928b933b8f6ca2ae6d20b141437e8fb3da2b4859aa0bb7a2a687ba276f
Size: 11.99 kB
Asianux Server 7 for x86_64
- rh-nginx114-nginx-1.14.1-1.1.0.1.el7.AXS7.x86_64.rpm
MD5: 31904b1324c430929f8648695ca889a2
SHA-256: 89f9488fcdeae76d3cfa62e5d5b29800bf4cb0d6c16b2e03f28e7e47c8ec0766
Size: 541.40 kB
- rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.1.0.1.el7.AXS7.x86_64.rpm
MD5: 82429d81d61885f88a30fa2cfcdad82c
SHA-256: 9bdd6a98999921e163206cd6febd786a70248124a936a4470e659dfe881f0a00
Size: 24.70 kB
- rh-nginx114-nginx-mod-http-perl-1.14.1-1.1.0.1.el7.AXS7.x86_64.rpm
MD5: eb7cc17e684901a98fe54dd3b0eb5d2b
SHA-256: 4bad9b53ff0957a16ae481692c8a2ca9157ed2c88d01d1261467dad3f8af176e
Size: 35.55 kB
- rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.1.0.1.el7.AXS7.x86_64.rpm
MD5: 0b300b4d5839e8485402b3a77af5d083
SHA-256: 6ee34c6c3e8b422d77a0aed5b6f09141ec6bc120d373053fe4318a0f5e2caf05
Size: 23.86 kB
- rh-nginx114-nginx-mod-mail-1.14.1-1.1.0.1.el7.AXS7.x86_64.rpm
MD5: 3b3b01ea568631f91926bbd6be67a399
SHA-256: 0f8559f08f19d22ee5385f7f7b0ac3c41e0bb958f3de0518ed93b6c015dcc6ba
Size: 51.92 kB
- rh-nginx114-nginx-mod-stream-1.14.1-1.1.0.1.el7.AXS7.x86_64.rpm
MD5: bc00b2f653508e507c2b4d18bb7cc65e
SHA-256: eac101a143cfd3e51a9af01c7fb94cf152be5ebe62a81e309319da0fd93b3c18
Size: 74.98 kB
- rh-nginx114-1.14-6.el7.x86_64.rpm
MD5: 96a0a3c875ad533fac90b62af4be29a6
SHA-256: ad2540493170fc1596ef2304042ff180738159d242f935eac02214b5731b26be
Size: 2.10 kB
- rh-nginx114-build-1.14-6.el7.x86_64.rpm
MD5: c6c7a84b8e118296c2d5d373915909c6
SHA-256: 3ae6022fe91ab91289270fac1551479966987d9a78b6bc5ea3fb0f3045f383c2
Size: 2.95 kB
- rh-nginx114-runtime-1.14-6.el7.x86_64.rpm
MD5: 63230127a68d566a6eacd65e3bf0f44b
SHA-256: d9a51293c109db850a893a5bc247aa07bcc0b3dead537b00fb3da795d7eeaa97
Size: 25.79 kB