Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.3482
Important: rh-nginx110-nginx security update
13 September 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: rh-nginx110-nginx
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-9516 CVE-2019-9513 CVE-2019-9511
Reference: ASB-2019.0238
ESB-2019.3479
ESB-2019.3417
ESB-2019.3384
ESB-2019.3325
Original Bulletin:
https://access.redhat.com/errata/RHSA-2019:2745
https://access.redhat.com/errata/RHSA-2019:2746
Comment: This bulletin contains two (2) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx110-nginx security update
Advisory ID: RHSA-2019:2745-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745
Issue date: 2019-09-12
CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
=====================================================================
1. Summary:
An update for rh-nginx110-nginx is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a
focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* HTTP/2: large amount of data request leads to denial of service
(CVE-2019-9511)
* HTTP/2: flood using PRIORITY frames resulting in excessive resource
consumption (CVE-2019-9513)
* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx110-nginx service must be restarted for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption
1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service
1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source:
rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source:
rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source:
rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm
x86_64:
rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-9511
https://access.redhat.com/security/cve/CVE-2019-9513
https://access.redhat.com/security/cve/CVE-2019-9516
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP
vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2
mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+
4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k
rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14
ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6
uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU
BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl
Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0
Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR
LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X
zMtgbVh8BNU=
=zH69
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx112-nginx security update
Advisory ID: RHSA-2019:2746-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746
Issue date: 2019-09-12
CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
=====================================================================
1. Summary:
An update for rh-nginx112-nginx is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a
focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* HTTP/2: large amount of data request leads to denial of service
(CVE-2019-9511)
* HTTP/2: flood using PRIORITY frames resulting in excessive resource
consumption (CVE-2019-9513)
* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx112-nginx service must be restarted for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption
1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service
1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64:
rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le:
rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x:
rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64:
rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le:
rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x:
rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64:
rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source:
rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le:
rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x:
rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64:
rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source:
rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le:
rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x:
rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64:
rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le:
rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x:
rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64:
rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source:
rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le:
rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x:
rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64:
rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
x86_64:
rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm
rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-9511
https://access.redhat.com/security/cve/CVE-2019-9513
https://access.redhat.com/security/cve/CVE-2019-9516
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9
PPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS
ieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d
kbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco
rGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2
PO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv
oEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS
7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/
issNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO
7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt
fXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL
pTuQ2UprbLU=
=PAtT
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXXrbhmaOgq3Tt24GAQjYSg/9HQtmhmZWWXpztpsi4NTySx8+M1iK210e
da8GtOf/nfn3w+h5GYncii0YcH7HJrfj5YQPFlK22JR+hziIuoogXzrDhldeXJzo
2fWaDBHcnAsN8pLmm5AI2ATGruc7b7u6Qtg1t/wOmrKwY6Srfk1d1ZHefx3T6aba
oEux0+8VXH7PloyisbPi5wsYKhrJoe0BwZO4vF0RED6NIEGiycp5aR3NlchLw5i/
ZxAosVujwnmy138JXY48xV1WTdBY+6yjkCM9cCATjm4a9wogteprMJhEXLpLx7jl
Mtvc2Hzq/tb/Q9ZzmaJDx23nFTYwQLnJ4lK7Y4LFiPUQyXVe5n7ARAhZ+lLw5zWt
OoDqcHy0efYv2/ImvD5KDzm8I0+maVMIezxzQra36peIa7VYmcpInRNzwmm2oJT9
LNB2Z2VHAWoNhFtGWSgbSrk0j787luDFWGUJbRLt0m124qzplxTBi1pjQvTwS+kI
QD3ufr2mPW1U3x3R9xzsp0LUhk+9YIEEZAAUtRCWISY48olaEAlbLz0cNC3R6XKV
PfoobM9vFT9s2XC8AkqdJQ6AM++L+iV2mZiuKyn9VOJKWrybUZqIaAf3O+7m9Aa1
UsIPQNUGXG3snaOQhq91VwrrQMFh8ANrdfFCMACdIKu/xYo4u4+8mZEz4L7bH9GT
K4Zqdy08kAs=
=Z9Qd
-----END PGP SIGNATURE-----