From: Marc Deslauriers
Date: 2018年11月8日 週四 上午12:02
Date: 2018年11月8日 週四 上午12:02
It was discovered that nginx incorrectly handled the HTTP/2 implementation.
A remote attacker could possibly use this issue to cause excessive memory
consumption, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
excessive CPU usage, leading to a denial of service. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module
module. A remote attacker could possibly use this issue with a specially
crafted mp4 file to cause nginx to crash, stop responding, or access
arbitrary memory. (CVE-2018-16845)
References:
https://usn.ubuntu.com/usn/usn
CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
沒有留言:
張貼留言