First published: Wed Oct 31 2018
IDE Xcode Server. Multiple issues were addressed by updating nginx to version 1.21.0.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nginx | <1.15.6 | 1.15.6 |
redhat/nginx | <1.14.1 | 1.14.1 |
ubuntu/nginx | <1.15.6 | 1.15.6 |
ubuntu/nginx | <1.4.6-1ubuntu3.9 | 1.4.6-1ubuntu3.9 |
ubuntu/nginx | <1.10.3-0ubuntu0.16.04.3 | 1.10.3-0ubuntu0.16.04.3 |
ubuntu/nginx | <1.14.0-0ubuntu1.2 | 1.14.0-0ubuntu1.2 |
ubuntu/nginx | <1.15.5-0ubuntu2.1 | 1.15.5-0ubuntu2.1 |
F5 Nginx | >=1.0.7<=1.0.15 | |
F5 Nginx | >=1.1.3<=1.15.5 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
openSUSE Leap | =15.1 | |
Apple Xcode | <13.0 | |
debian/nginx | 1.14.2-2+deb10u4 1.14.2-2+deb10u5 1.18.0-6.1+deb11u3 1.22.1-9 1.24.0-2 |
CVE-2018-16845 is a vulnerability in nginx that allows an attacker to cause an infinite loop, crash a worker process, or disclose memory by using a specially crafted mp4 file.
The severity of CVE-2018-16845 is high, with a CVSS score of 6.1.
Apple Xcode, Debian Linux, Canonical Ubuntu Linux, openSUSE Leap, F5 Nginx, and certain versions of nginx on Ubuntu and Red Hat are affected by CVE-2018-16845.
To fix CVE-2018-16845, update nginx to version 1.21.0 or later.
You can find more information about CVE-2018-16845 at the following references: Apple support page, nginx announcement, and Red Hat Bugzilla.