Ubuntu - nginx vulnerability (2020-01-15)

USN-4235-2: nginx vulnerability

nginx vulnerability<br>A security issue affects these releases of Ubuntu and its derivatives:<br>Ubuntu 14.04 ESM<br>Summary<br>nginx could be made to expose sensitive information over the network.<br>Software Description<br>nginx - small, powerful, scalable web/proxy server<br>Details<br>USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM.<br>Original advisory details:<br>Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.<br>Update instructions<br>The problem can be corrected by updating your system to the following package versions:<br>Ubuntu 14.04 ESM<br>nginx-common - 1.4.6-1ubuntu3.9+esm1<br>nginx-core - 1.4.6-1ubuntu3.9+esm1<br>nginx-extras - 1.4.6-1ubuntu3.9+esm1<br>nginx-full - 1.4.6-1ubuntu3.9+esm1<br>nginx-light - 1.4.6-1ubuntu3.9+esm1<br>To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.<br>In general, a standard system update will make all the necessary changes.<br>References<br>USN-4235-1<br>CVE-2019-20372<br>]]&gt;

Ubuntu是一个以桌面应用为主的Linux操作系统

CVE-2019-20372

暂无

暂无

https://usn.ubuntu.com/4235-2/