Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:3652 - Security Advisory
Issued:
2018-11-26
Updated:
2018-11-26

RHSA-2018:3652 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: rh-nginx18-nginx security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nginx18-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Nginx project for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx18-nginx service must be restarted for this update to take effect.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Fixes

  • BZ - 1644508 - CVE-2018-16845 nginx: Denial of service and memory disclosure via mp4 module

CVEs

  • CVE-2018-16845

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm SHA-256: e31b6a81218ef2e234bf29383075d31bc1b2ddd192724c6e9309062f5bf12c7d
x86_64
rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm SHA-256: ad6a4d8d6a6259f1a033b135d3f247e4abb9b7621b6923d097f3e0271e4bc6cb
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm SHA-256: cd35b3df4364ac76160425f8373418b4cea898ea2d666b98e1b127eddb9376d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6

SRPM
rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm SHA-256: e31b6a81218ef2e234bf29383075d31bc1b2ddd192724c6e9309062f5bf12c7d
x86_64
rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm SHA-256: ad6a4d8d6a6259f1a033b135d3f247e4abb9b7621b6923d097f3e0271e4bc6cb
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm SHA-256: cd35b3df4364ac76160425f8373418b4cea898ea2d666b98e1b127eddb9376d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5

SRPM
rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm SHA-256: e31b6a81218ef2e234bf29383075d31bc1b2ddd192724c6e9309062f5bf12c7d
x86_64
rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm SHA-256: ad6a4d8d6a6259f1a033b135d3f247e4abb9b7621b6923d097f3e0271e4bc6cb
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm SHA-256: cd35b3df4364ac76160425f8373418b4cea898ea2d666b98e1b127eddb9376d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4

SRPM
rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm SHA-256: e31b6a81218ef2e234bf29383075d31bc1b2ddd192724c6e9309062f5bf12c7d
x86_64
rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm SHA-256: ad6a4d8d6a6259f1a033b135d3f247e4abb9b7621b6923d097f3e0271e4bc6cb
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm SHA-256: cd35b3df4364ac76160425f8373418b4cea898ea2d666b98e1b127eddb9376d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm SHA-256: e31b6a81218ef2e234bf29383075d31bc1b2ddd192724c6e9309062f5bf12c7d
x86_64
rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm SHA-256: ad6a4d8d6a6259f1a033b135d3f247e4abb9b7621b6923d097f3e0271e4bc6cb
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm SHA-256: cd35b3df4364ac76160425f8373418b4cea898ea2d666b98e1b127eddb9376d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6

SRPM
rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm SHA-256: b91f76d075bafdb8f078bdee2ee21ab84b69a9e38ce392b3d660cfb94aa02a97
x86_64
rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm SHA-256: f37aca83280536d252ff459ae306b1686bf3563d7984cfb1a4f82783ee0b00a2
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm SHA-256: cb7bcaff23aded99c71f48183ee1d3b5b20de698ef5af8acd42a34c1fc830f25

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-nginx18-nginx-1.8.1-1.el7.1.src.rpm SHA-256: e31b6a81218ef2e234bf29383075d31bc1b2ddd192724c6e9309062f5bf12c7d
x86_64
rh-nginx18-nginx-1.8.1-1.el7.1.x86_64.rpm SHA-256: ad6a4d8d6a6259f1a033b135d3f247e4abb9b7621b6923d097f3e0271e4bc6cb
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.1.x86_64.rpm SHA-256: cd35b3df4364ac76160425f8373418b4cea898ea2d666b98e1b127eddb9376d8

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6

SRPM
rh-nginx18-nginx-1.8.1-1.el6.1.src.rpm SHA-256: b91f76d075bafdb8f078bdee2ee21ab84b69a9e38ce392b3d660cfb94aa02a97
x86_64
rh-nginx18-nginx-1.8.1-1.el6.1.x86_64.rpm SHA-256: f37aca83280536d252ff459ae306b1686bf3563d7984cfb1a4f82783ee0b00a2
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.1.x86_64.rpm SHA-256: cb7bcaff23aded99c71f48183ee1d3b5b20de698ef5af8acd42a34c1fc830f25

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility