USN-4967-1: nginx vulnerability

26 May 2021

nginx could be made to crash or run programs if it received specially crafted network traffic.

Releases

Packages

  • nginx - small, powerful, scalable web/proxy server

Details

Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx
incorrectly handled responses to the DNS resolver. A remote attacker could
use this issue to cause nginx to crash, resulting in a denial of service,
or possibly execute arbitrary code.

References

Related notices

  • USN-4967-2: nginx, nginx-core, nginx-extras, nginx-light, nginx-naxsi, nginx-common, nginx-naxsi-ui, nginx-doc, nginx-full