Your submission was sent successfully! Close

USN-4967-2: nginx vulnerability

27 May 2021

nginx could be made to crash or run programs if it received specially crafted network traffic.



  • nginx - small, powerful, scalable web/proxy server


USN-4967-1 fixed a vulnerability in nginx. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx
incorrectly handled responses to the DNS resolver. A remote attacker could
use this issue to cause nginx to crash, resulting in a denial of service,
or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.


Related notices

  • USN-4967-1: libnginx-mod-nchan, libnginx-mod-http-lua, libnginx-mod-http-geoip, nginx-core, libnginx-mod-http-geoip2, libnginx-mod-http-cache-purge, libnginx-mod-http-dav-ext, libnginx-mod-http-xslt-filter, libnginx-mod-http-uploadprogress, libnginx-mod-http-ndk, libnginx-mod-mail, nginx-extras, libnginx-mod-rtmp, libnginx-mod-http-upstream-fair, libnginx-mod-stream-geoip2, nginx-full, libnginx-mod-http-headers-more-filter, nginx, libnginx-mod-http-perl, libnginx-mod-stream, libnginx-mod-http-auth-pam, nginx-doc, libnginx-mod-stream-geoip, libnginx-mod-http-subs-filter, nginx-common, nginx-light, libnginx-mod-http-image-filter, libnginx-mod-http-echo, libnginx-mod-http-fancyindex