What is the severity of RHSA-2019:2745?

The severity of RHSA-2019:2745 is classified as important.

How do I fix RHSA-2019:2745?

To fix RHSA-2019:2745, you should update the affected packages to the specified remedial versions, such as 1.10.2-9.el6.1 or 1.10.2-9.el7.1.

Which versions of nginx are affected by RHSA-2019:2745?

RHSA-2019:2745 affects nginx versions up to and including 1.10.2-9.el6.1 and 1.10.2-9.el7.1.

What vulnerabilities are addressed in RHSA-2019:2745?

RHSA-2019:2745 addresses vulnerabilities related to denial of service in HTTP/2 (CVE-2019-9511) due to a large amount of data requests.

Is there a workaround for RHSA-2019:2745?

There are no specific workarounds for RHSA-2019:2745, and updating to the remedial versions is recommended for mitigation.

Vulnerability/
RHSA-2019:2745

12/9/2019

RHSA-2019:2745: Important: rh-nginx110-nginx security update

First published: Thu Sep 12 2019(Updated: )

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.<br>Security Fix(es):<br><li> HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)</li> <li> HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)</li> <li> HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/rh-nginx110-nginx	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx-debuginfo	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx-mod-http-image-filter	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx-mod-http-perl	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx-mod-http-xslt-filter	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx-mod-mail	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx-mod-stream	<1.10.2-9.el7.1	1.10.2-9.el7.1
redhat/rh-nginx110-nginx	<1.10.2-9.el6.1	1.10.2-9.el6.1
redhat/rh-nginx110-nginx	<1.10.2-9.el6.1	1.10.2-9.el6.1
redhat/rh-nginx110-nginx-debuginfo	<1.10.2-9.el6.1	1.10.2-9.el6.1
redhat/rh-nginx110-nginx-mod-http-image-filter	<1.10.2-9.el6.1	1.10.2-9.el6.1
redhat/rh-nginx110-nginx-mod-http-perl	<1.10.2-9.el6.1	1.10.2-9.el6.1
redhat/rh-nginx110-nginx-mod-http-xslt-filter	<1.10.2-9.el6.1	1.10.2-9.el6.1
redhat/rh-nginx110-nginx-mod-mail	<1.10.2-9.el6.1	1.10.2-9.el6.1
redhat/rh-nginx110-nginx-mod-stream	<1.10.2-9.el6.1	1.10.2-9.el6.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2019:2745?
The severity of RHSA-2019:2745 is classified as important.
How do I fix RHSA-2019:2745?
To fix RHSA-2019:2745, you should update the affected packages to the specified remedial versions, such as 1.10.2-9.el6.1 or 1.10.2-9.el7.1.
Which versions of nginx are affected by RHSA-2019:2745?
RHSA-2019:2745 affects nginx versions up to and including 1.10.2-9.el6.1 and 1.10.2-9.el7.1.
What vulnerabilities are addressed in RHSA-2019:2745?
RHSA-2019:2745 addresses vulnerabilities related to denial of service in HTTP/2 (CVE-2019-9511) due to a large amount of data requests.
Is there a workaround for RHSA-2019:2745?
There are no specific workarounds for RHSA-2019:2745, and updating to the remedial versions is recommended for mitigation.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2019:2745
agent/software-canonical-lookup
package-manager/redhat

Frequently Asked Questions

What is the severity of RHSA-2019:2745?
The severity of RHSA-2019:2745 is classified as important.
How do I fix RHSA-2019:2745?
To fix RHSA-2019:2745, you should update the affected packages to the specified remedial versions, such as 1.10.2-9.el6.1 or 1.10.2-9.el7.1.
Which versions of nginx are affected by RHSA-2019:2745?
RHSA-2019:2745 affects nginx versions up to and including 1.10.2-9.el6.1 and 1.10.2-9.el7.1.
What vulnerabilities are addressed in RHSA-2019:2745?
RHSA-2019:2745 addresses vulnerabilities related to denial of service in HTTP/2 (CVE-2019-9511) due to a large amount of data requests.
Is there a workaround for RHSA-2019:2745?
There are no specific workarounds for RHSA-2019:2745, and updating to the remedial versions is recommended for mitigation.

RHSA-2019:2745: Important: rh-nginx110-nginx security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2019:2745?

How do I fix RHSA-2019:2745?

Which versions of nginx are affected by RHSA-2019:2745?

What vulnerabilities are addressed in RHSA-2019:2745?

Is there a workaround for RHSA-2019:2745?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of RHSA-2019:2745?

How do I fix RHSA-2019:2745?

Which versions of nginx are affected by RHSA-2019:2745?

What vulnerabilities are addressed in RHSA-2019:2745?

Is there a workaround for RHSA-2019:2745?