Red Hat Product Errata RHSA-2021:2278 - Security Advisory
Issued:
2021-06-07
Updated:
2021-06-07

RHSA-2021:2278 - Security Advisory

Synopsis

Important: rh-nginx116-nginx security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nginx116-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx116-nginx service must be restarted for this update to take effect.

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-nginx116-nginx-1.16.1-6.el7.src.rpm SHA-256: 72d791547f80d5cb5f1d568a9b060637a6eedb9434598bbf41617a177e5f0ef7
x86_64
rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm SHA-256: 560f3dd1390c5e33782ad2ff9406a4f55d08c85324f576484d7c1f499f4f0bd5
rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm SHA-256: 7ec66dd49a5cc52b1e06bc972f91832a4c3e89f58a458481078286e1417c8a25
rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm SHA-256: 6dc6ef95e252884c9fab5c0971082e4d1d66339cd5e51753b7cc0430d1152013
rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm SHA-256: d76235e5dbf925ba1a39dc9975ad01642f200387299cc6f8df0c2fa8624c9d6e
rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm SHA-256: 33fc47adbcbedeceb59da81d445822edb11b9090c72492bb72ec80817ec82eaf
rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm SHA-256: 66973645d8ef7547e45761d1dfb8fcaef385420c42debaff91167b78d8fa31f2
rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm SHA-256: 41ab65375326bc8199161c0fd82dac1a18a1d8208222e9f024bb1c84855a8159

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7

SRPM
rh-nginx116-nginx-1.16.1-6.el7.src.rpm SHA-256: 72d791547f80d5cb5f1d568a9b060637a6eedb9434598bbf41617a177e5f0ef7
s390x
rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm SHA-256: 0a6a55f439577f3484438790c8f5cd2643ee389ae4f5880696e320fdd446c674
rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm SHA-256: a9c736e4d29b130baa37ee022184d9ef6fc93675107784575bcaac751fb6bd77
rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm SHA-256: be8d8b51b841d446a340960f8ab2e13dd70de3ac045054d7e8bd9fad7148fcb9
rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm SHA-256: c27b138d79225272c807ff9ce4daf12895ca1b603614647ee104bc1b14738ab3
rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm SHA-256: c661831ef592e51959216b3b66527512eea2d7c1af83dc9779dfbc5cf3e880db
rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm SHA-256: cef4a58a296cc5970e0b5752bbc277209ca9cb60f778f0c90061d69d8111bdd0
rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm SHA-256: 6ac3f6909848684a3358f3fa8f7320bf9ecafec77f88a17ed32c4f1ea092f8b5

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7

SRPM
rh-nginx116-nginx-1.16.1-6.el7.src.rpm SHA-256: 72d791547f80d5cb5f1d568a9b060637a6eedb9434598bbf41617a177e5f0ef7
ppc64le
rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm SHA-256: f226d977042ca3ef988963499c1905e1503e0eabc476cb751fcb2f021ca8beb2
rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm SHA-256: 5368f12304191f8b1dafa78249b51fbceb8d830d7f1b5a5d42ae36f6b8e26f38
rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm SHA-256: 83c0ca700e380aef39b24432321a261485e27b520a4dee5e5c3fae2155f726b2
rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm SHA-256: 22381a78d2554cb95889810a00f7d2fdbd86faa243d0739f91b9a1938fd8063d
rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm SHA-256: 0482319885c7d2919278b43f4e675a3207bd08735dc2fccb1c50f88debcdfcad
rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm SHA-256: ae5a8e4557da8fcff140add0a691f75cb5856d8df9cec83b482bd7fa355ffef7
rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm SHA-256: 115bd68f6a45778ef420412df74af1664a95496031c8e5cb5b89d511612cd78f

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-nginx116-nginx-1.16.1-6.el7.src.rpm SHA-256: 72d791547f80d5cb5f1d568a9b060637a6eedb9434598bbf41617a177e5f0ef7
x86_64
rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm SHA-256: 560f3dd1390c5e33782ad2ff9406a4f55d08c85324f576484d7c1f499f4f0bd5
rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm SHA-256: 7ec66dd49a5cc52b1e06bc972f91832a4c3e89f58a458481078286e1417c8a25
rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm SHA-256: 6dc6ef95e252884c9fab5c0971082e4d1d66339cd5e51753b7cc0430d1152013
rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm SHA-256: d76235e5dbf925ba1a39dc9975ad01642f200387299cc6f8df0c2fa8624c9d6e
rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm SHA-256: 33fc47adbcbedeceb59da81d445822edb11b9090c72492bb72ec80817ec82eaf
rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm SHA-256: 66973645d8ef7547e45761d1dfb8fcaef385420c42debaff91167b78d8fa31f2
rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm SHA-256: 41ab65375326bc8199161c0fd82dac1a18a1d8208222e9f024bb1c84855a8159

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-nginx116-nginx-1.16.1-6.el7.src.rpm SHA-256: 72d791547f80d5cb5f1d568a9b060637a6eedb9434598bbf41617a177e5f0ef7
s390x
rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm SHA-256: 0a6a55f439577f3484438790c8f5cd2643ee389ae4f5880696e320fdd446c674
rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm SHA-256: a9c736e4d29b130baa37ee022184d9ef6fc93675107784575bcaac751fb6bd77
rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm SHA-256: be8d8b51b841d446a340960f8ab2e13dd70de3ac045054d7e8bd9fad7148fcb9
rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm SHA-256: c27b138d79225272c807ff9ce4daf12895ca1b603614647ee104bc1b14738ab3
rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm SHA-256: c661831ef592e51959216b3b66527512eea2d7c1af83dc9779dfbc5cf3e880db
rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm SHA-256: cef4a58a296cc5970e0b5752bbc277209ca9cb60f778f0c90061d69d8111bdd0
rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm SHA-256: 6ac3f6909848684a3358f3fa8f7320bf9ecafec77f88a17ed32c4f1ea092f8b5

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-nginx116-nginx-1.16.1-6.el7.src.rpm SHA-256: 72d791547f80d5cb5f1d568a9b060637a6eedb9434598bbf41617a177e5f0ef7
ppc64le
rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm SHA-256: f226d977042ca3ef988963499c1905e1503e0eabc476cb751fcb2f021ca8beb2
rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm SHA-256: 5368f12304191f8b1dafa78249b51fbceb8d830d7f1b5a5d42ae36f6b8e26f38
rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm SHA-256: 83c0ca700e380aef39b24432321a261485e27b520a4dee5e5c3fae2155f726b2
rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm SHA-256: 22381a78d2554cb95889810a00f7d2fdbd86faa243d0739f91b9a1938fd8063d
rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm SHA-256: 0482319885c7d2919278b43f4e675a3207bd08735dc2fccb1c50f88debcdfcad
rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm SHA-256: ae5a8e4557da8fcff140add0a691f75cb5856d8df9cec83b482bd7fa355ffef7
rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm SHA-256: 115bd68f6a45778ef420412df74af1664a95496031c8e5cb5b89d511612cd78f

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-nginx116-nginx-1.16.1-6.el7.src.rpm SHA-256: 72d791547f80d5cb5f1d568a9b060637a6eedb9434598bbf41617a177e5f0ef7
x86_64
rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm SHA-256: 560f3dd1390c5e33782ad2ff9406a4f55d08c85324f576484d7c1f499f4f0bd5
rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm SHA-256: 7ec66dd49a5cc52b1e06bc972f91832a4c3e89f58a458481078286e1417c8a25
rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm SHA-256: 6dc6ef95e252884c9fab5c0971082e4d1d66339cd5e51753b7cc0430d1152013
rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm SHA-256: d76235e5dbf925ba1a39dc9975ad01642f200387299cc6f8df0c2fa8624c9d6e
rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm SHA-256: 33fc47adbcbedeceb59da81d445822edb11b9090c72492bb72ec80817ec82eaf
rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm SHA-256: 66973645d8ef7547e45761d1dfb8fcaef385420c42debaff91167b78d8fa31f2
rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm SHA-256: 41ab65375326bc8199161c0fd82dac1a18a1d8208222e9f024bb1c84855a8159

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.