Synopsis

Moderate: rh-nginx18-nginx security update

Type/Severity

Security Advisory: Moderate

Topic

An update for rh-nginx18-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.

The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).

Security Fix(es):

• A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. (CVE-2016-4450)
• It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)
• A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)
• It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx18-nginx service must be restarted for this update to take effect.

Affected Products

• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.2 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.1 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.6 x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
• Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
• Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Fixes

• BZ - 1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver
• BZ - 1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver
• BZ - 1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver
• BZ - 1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body

CVEs

• CVE-2016-0742
• CVE-2016-0746
• CVE-2016-0747
• CVE-2016-4450

References