nginx:1.22 security update
エラータID: AXSA:2023-6517:01
リリース日:
2023/10/20 Friday - 04:02
題名:
nginx:1.22 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- HTTP/2 プロトコルには、意図しないリソースの消費に至る問題がある
ため、リモートの攻撃者により、新規の多重ストリームのリクエストと
RST_STREAM フレームによるリクエストのキャンセルの送信を介して、
サービス拒否攻撃 (リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2023-44487)
Modularity name: nginx
Stream name: 1.22
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
追加情報:
N/A
ダウンロード:
SRPMS
- nginx-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.src.rpm
MD5: b7f1c86aee57099d1bb0c35ffa5e4222
SHA-256: 1db8a555ec62cc95a1c5bef7c0f498e9287fa23cb687b663307737bccb9f64f6
Size: 1.07 MB
Asianux Server 8 for x86_64
- nginx-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: df8ca0bce94628b309cc02e4248d01a3
SHA-256: 05c740756717ddbd95ec685962446730ef1f0f88776d296301ef0601d6281d80
Size: 597.94 kB - nginx-all-modules-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.noarch.rpm
MD5: 6b63a196c5c96073bab291a56ee87e01
SHA-256: 01f770c62b6932a730689f87b735d8907f0e4dfd267d371cabdd8797884e784e
Size: 24.36 kB - nginx-debugsource-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: 1c2c2e6375d388aa619085faa4c5b1fb
SHA-256: c5e186fb21837289609dece5647eb42a6f2329b278d29a0dec858f1999f4d48d
Size: 690.62 kB - nginx-filesystem-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.noarch.rpm
MD5: eca4ec38c8315dcda03d8791a61b1f64
SHA-256: 6d750c9c3b908ff9ad191ea7b941c1f59e356d391563239976403ff996920520
Size: 25.33 kB - nginx-mod-devel-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: ffecc1d37fc74867f9669224aac53b20
SHA-256: 522b33a24390f6593f07dfd4be22d534b654e3616a545994740f9d8c9d907fd7
Size: 929.48 kB - nginx-mod-http-image-filter-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: c51af493d2ac0d01082ceaaecaa11d14
SHA-256: 2da479d1993f7983e42d7f89c82d43ce5923ac9e9dcb57a9d43aea8e2bf4d082
Size: 35.76 kB - nginx-mod-http-perl-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: f38a2be503958d08943d1d8a15191b66
SHA-256: af30dcbbd2f563f6531e1f13cb801b557b8286e6dac31e5c01c5840210e72c13
Size: 47.59 kB - nginx-mod-http-xslt-filter-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: 49f10a17ad930ce3ab1b90aad09f73ca
SHA-256: e87f315ab0c5579def2b45f7124035f7060ebb467576fb859dfc886cd0cdec3e
Size: 34.39 kB - nginx-mod-mail-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: a3bcf5b952daf092a9fa3e1efa8be1a0
SHA-256: fe3a06b571b11ff9b3daab47ae2cdb7de95d1da685e905873ef3ec46b5b5fe06
Size: 67.95 kB - nginx-mod-stream-1.22.1-1.module+el8+1670+07f5f290.1.ML.1.x86_64.rpm
MD5: 3573e0959ce9689433d452149639c4dc
SHA-256: 4f3869cd63c62dacd48ee490e7ddac60bc01fd86a7faf094c4a3bf308d86e2aa
Size: 94.55 kB
English