GLSA Advocate
Posted: Thu May 27, 2021 8:26 pm Post subject: [ GLSA 202105-38 ] nginx
Gentoo Linux Security Advisory
Title: nginx: Remote code execution (GLSA 202105-38)
Severity: high
Exploitable: remote
Date: 2021-05-26
Bug(s): #792087
ID: 202105-38
Synopsis
A vulnerability in nginx could lead to remote code execution.
Background
nginx is a robust, small, and high performance HTTP and reverse proxy
server.
Affected Packages
Package: www-servers/nginx
Vulnerable: < 1.21.0
Unaffected: >= 1.20.1
Unaffected: >= 1.21.0
Architectures: All supported architectures
Description
It was discovered that nginx did not properly handle DNS responses when
the “resolver” directive is used.
Impact
A remote attacker, able to provide DNS responses to an nginx instance,
could cause the execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All nginx users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1"

All nginx mainline users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.21.0:mainline"
References
CVE-2021-23017
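Added example (not part of the advisory or of Gentoo's tooling): a shell triage helper that compares an nginx version with the lowest version listed as unaffected above and checks whether an active "resolver" directive is configured. The function names, verdict strings and sample configuration are constructed for illustration; it assumes that any version >= 1.20.1 counts as unaffected, that GNU "sort -V" is available, and that treating everything after "#" as a comment is good enough.

```shell
#!/bin/sh
# Added example: triage helper for GLSA 202105-38 (hypothetical names throughout).

FIXED_MIN="1.20.1"   # lowest version the advisory lists as unaffected

# parse_version: read `nginx -v` output on stdin, print the bare version number.
parse_version() {
    sed -n 's#^nginx version: nginx/\([0-9.]*\).*#\1#p'
}

# version_ge A B: succeed when version A >= version B (needs GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# uses_resolver: read nginx configuration text on stdin; succeed when an
# uncommented "resolver" directive is present. "resolver_timeout" on its own
# does not count. Simplification: a "#" inside a quoted string is treated
# as the start of a comment.
uses_resolver() {
    sed 's/#.*//' | grep -Eq '(^|[;{}[:space:]])resolver[[:space:]]+[^;[:space:]]'
}

# assess VERSION: configuration text on stdin, prints one verdict word.
assess() {
    if version_ge "$1" "$FIXED_MIN"; then
        echo "unaffected"
    elif uses_resolver; then
        echo "vulnerable-resolver-in-use"
    else
        echo "vulnerable-resolver-not-configured"
    fi
}

# Constructed sample configuration (documentation-range addresses).
SAMPLE_CONF='http {
    # resolver 192.0.2.1;
    resolver_timeout 5s;
    server {
        location / { resolver 192.0.2.53 valid=30s; proxy_pass http://$backend; }
    }
}'

# Constructed `nginx -v` line for a build inside the vulnerable range.
SAMPLE_VERSION=$(echo 'nginx version: nginx/1.20.0' | parse_version)
printf '%s\n' "$SAMPLE_CONF" | assess "$SAMPLE_VERSION"
```

On a live host the inputs come from `nginx -v 2>&1 | parse_version` and from `nginx -T`, which dumps the full configuration with included files. A "not configured" verdict still means the installed package is in the vulnerable range and should be upgraded as described under Resolution.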