Issued:
2021-06-07
Updated:
2021-06-07

RHSA-2021:2258 - Security Advisory

Synopsis

Important: rh-nginx118-nginx security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nginx118-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx118-nginx service must be restarted for this update to take effect.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-nginx118-nginx-1.18.0-3.el7.src.rpm SHA-256: a8a1e9470a2e6a16e92646342452df1c736633da86e0047942cc5963dfca1a3f
x86_64
rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm SHA-256: 9c0cc6fa7da5db47c04c32fff7dd362a0be8f57aa065a1f342c43b07f111392f
rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm SHA-256: df901a271f1c2e3ac0560bdbfc2660c9a2bc08a7621a0f3350b2711b4399974b
rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm SHA-256: 515082593e92645519645f5f7c4d435649315debe73e4cce4f37aabafb312ea0
rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm SHA-256: 337fdd7b1c497984a37ccd819f8ff93bfb7f0e5df452aeefa8a64a527559807a
rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm SHA-256: d3cd85ac7ca45fa728c24cdabd4669117c10d7a0107f3f7ed0b1ef49aebd2e7a
rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm SHA-256: 897d8a650b4e29c1db67305504605007de53e44e95fa41518630e59d25d3d87f
rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm SHA-256: 6f95874c7fbd55ea3688a49d983210c023ceb2146eb9c4365bbed9ee63cb3a09

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7

SRPM
rh-nginx118-nginx-1.18.0-3.el7.src.rpm SHA-256: a8a1e9470a2e6a16e92646342452df1c736633da86e0047942cc5963dfca1a3f
s390x
rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm SHA-256: b2a118a1a0be2f9a943e93973c398de56f9c01179d5cdb42261a2b5be1500a2a
rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm SHA-256: 155c8630e00d6f608d8e88ab11c48d7732b08a323b3c981a4f8f5665c9776760
rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm SHA-256: 34d6836f5a89580df57eb9ca956d02dfba58c5051771b33ca316a5f3af4827b7
rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm SHA-256: 608b7c7b7fd72466085bb1a0f693b29de0d124bc141f62ab18462b52adda89a4
rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm SHA-256: 556dd263786c4c500de87859e811fef500d0e054c203af3666ffea8907d7127f
rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm SHA-256: b9b554be8eedb9a4897c536f35503a551a58230326004889f30b91f2f28c7d36
rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm SHA-256: d99bcdaf48d350083e86c72ae6ad7428e75a0fb859b11590bb0e1ddd01f46af9

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7

SRPM
rh-nginx118-nginx-1.18.0-3.el7.src.rpm SHA-256: a8a1e9470a2e6a16e92646342452df1c736633da86e0047942cc5963dfca1a3f
ppc64le
rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm SHA-256: 0fd00fa1ab5e6649d457a907b5ba94a8f6cbb243ab14f371d821f2d428c5b19e
rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm SHA-256: e5646c0eeec754198214458e846272ee3b58373cdfd13acb1243ba2457ab93d9
rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm SHA-256: d046dd35b449b4cea816b121bae19cc1852103797ac73933291afdc3cb25efab
rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm SHA-256: 2bd663b1b1ccd6a17b4c5eecb6c85be4dfa28b8cdf64d1b79c3feb42b7bdf098
rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm SHA-256: f126467606e3c4bce12b0346359be8c10b2b480309e131241661048de451d814
rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm SHA-256: c44250c3f92f1bc9c6615027b60df11d9c9e9f498f0fb116b28c14de32791caa
rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm SHA-256: 0215b0d98233e3877e1ebf6e2e4cf7ecae89256a8bff204dc8acd049717ed9a8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-nginx118-nginx-1.18.0-3.el7.src.rpm SHA-256: a8a1e9470a2e6a16e92646342452df1c736633da86e0047942cc5963dfca1a3f
x86_64
rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm SHA-256: 9c0cc6fa7da5db47c04c32fff7dd362a0be8f57aa065a1f342c43b07f111392f
rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm SHA-256: df901a271f1c2e3ac0560bdbfc2660c9a2bc08a7621a0f3350b2711b4399974b
rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm SHA-256: 515082593e92645519645f5f7c4d435649315debe73e4cce4f37aabafb312ea0
rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm SHA-256: 337fdd7b1c497984a37ccd819f8ff93bfb7f0e5df452aeefa8a64a527559807a
rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm SHA-256: d3cd85ac7ca45fa728c24cdabd4669117c10d7a0107f3f7ed0b1ef49aebd2e7a
rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm SHA-256: 897d8a650b4e29c1db67305504605007de53e44e95fa41518630e59d25d3d87f
rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm SHA-256: 6f95874c7fbd55ea3688a49d983210c023ceb2146eb9c4365bbed9ee63cb3a09

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-nginx118-nginx-1.18.0-3.el7.src.rpm SHA-256: a8a1e9470a2e6a16e92646342452df1c736633da86e0047942cc5963dfca1a3f
s390x
rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm SHA-256: b2a118a1a0be2f9a943e93973c398de56f9c01179d5cdb42261a2b5be1500a2a
rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm SHA-256: 155c8630e00d6f608d8e88ab11c48d7732b08a323b3c981a4f8f5665c9776760
rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm SHA-256: 34d6836f5a89580df57eb9ca956d02dfba58c5051771b33ca316a5f3af4827b7
rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm SHA-256: 608b7c7b7fd72466085bb1a0f693b29de0d124bc141f62ab18462b52adda89a4
rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm SHA-256: 556dd263786c4c500de87859e811fef500d0e054c203af3666ffea8907d7127f
rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm SHA-256: b9b554be8eedb9a4897c536f35503a551a58230326004889f30b91f2f28c7d36
rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm SHA-256: d99bcdaf48d350083e86c72ae6ad7428e75a0fb859b11590bb0e1ddd01f46af9

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-nginx118-nginx-1.18.0-3.el7.src.rpm SHA-256: a8a1e9470a2e6a16e92646342452df1c736633da86e0047942cc5963dfca1a3f
ppc64le
rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm SHA-256: 0fd00fa1ab5e6649d457a907b5ba94a8f6cbb243ab14f371d821f2d428c5b19e
rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm SHA-256: e5646c0eeec754198214458e846272ee3b58373cdfd13acb1243ba2457ab93d9
rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm SHA-256: d046dd35b449b4cea816b121bae19cc1852103797ac73933291afdc3cb25efab
rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm SHA-256: 2bd663b1b1ccd6a17b4c5eecb6c85be4dfa28b8cdf64d1b79c3feb42b7bdf098
rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm SHA-256: f126467606e3c4bce12b0346359be8c10b2b480309e131241661048de451d814
rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm SHA-256: c44250c3f92f1bc9c6615027b60df11d9c9e9f498f0fb116b28c14de32791caa
rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm SHA-256: 0215b0d98233e3877e1ebf6e2e4cf7ecae89256a8bff204dc8acd049717ed9a8

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-nginx118-nginx-1.18.0-3.el7.src.rpm SHA-256: a8a1e9470a2e6a16e92646342452df1c736633da86e0047942cc5963dfca1a3f
x86_64
rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm SHA-256: 9c0cc6fa7da5db47c04c32fff7dd362a0be8f57aa065a1f342c43b07f111392f
rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm SHA-256: df901a271f1c2e3ac0560bdbfc2660c9a2bc08a7621a0f3350b2711b4399974b
rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm SHA-256: 515082593e92645519645f5f7c4d435649315debe73e4cce4f37aabafb312ea0
rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm SHA-256: 337fdd7b1c497984a37ccd819f8ff93bfb7f0e5df452aeefa8a64a527559807a
rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm SHA-256: d3cd85ac7ca45fa728c24cdabd4669117c10d7a0107f3f7ed0b1ef49aebd2e7a
rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm SHA-256: 897d8a650b4e29c1db67305504605007de53e44e95fa41518630e59d25d3d87f
rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm SHA-256: 6f95874c7fbd55ea3688a49d983210c023ceb2146eb9c4365bbed9ee63cb3a09

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.