操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2023-1951)

摘要:

nginx security update

安全等级: High

公告ID: KylinSec-SA-2023-1951

发布日期: 2023年11月3日

关联CVE: CVE-2023-44487

详细介绍

1. 漏洞描述

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.

Security Fix(es):

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.(CVE-2023-44487)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2023-44487	KY3.4-4A	nginx	Fixed
CVE-2023-44487	KY3.4-5A	nginx	Fixed
CVE-2023-44487	KY3.5.1	nginx	Fixed
CVE-2023-44487	KY3.5.2	nginx	Fixed

3. 影响组件

nginx

4. 修复版本

KY3.5.1

软件名称	架构	版本号
nginx-help	noarch	1.21.5-5.kb1.ky3_5
nginx-filesystem	noarch	1.21.5-5.kb1.ky3_5
nginx-all-modules	noarch	1.21.5-5.kb1.ky3_5
nginx-mod-mail	x86_64	1.21.5-5.kb1.ky3_5
nginx-mod-stream	x86_64	1.21.5-5.kb1.ky3_5
nginx-mod-http-perl	x86_64	1.21.5-5.kb1.ky3_5
nginx-mod-http-xslt-filter	x86_64	1.21.5-5.kb1.ky3_5
nginx-mod-http-image-filter	x86_64	1.21.5-5.kb1.ky3_5
nginx	x86_64	1.21.5-5.kb1.ky3_5
nginx-mod-devel	x86_64	1.21.5-5.kb1.ky3_5
nginx-mod-devel	aarch64	1.21.5-5.kb1.ky3_5
nginx-mod-http-image-filter	aarch64	1.21.5-5.kb1.ky3_5
nginx-mod-http-xslt-filter	aarch64	1.21.5-5.kb1.ky3_5
nginx-mod-http-perl	aarch64	1.21.5-5.kb1.ky3_5
nginx-mod-stream	aarch64	1.21.5-5.kb1.ky3_5
nginx-mod-mail	aarch64	1.21.5-5.kb1.ky3_5
nginx	aarch64	1.21.5-5.kb1.ky3_5

KY3.4-4A

软件名称	架构	版本号
nginx-all-modules	noarch	1.21.5-4.kb2.ky3_4
nginx-filesystem	noarch	1.21.5-4.kb2.ky3_4
nginx-mod-devel	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-http-xslt-filter	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-stream	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-mail	x86_64	1.21.5-4.kb2.ky3_4
nginx	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-http-perl	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-http-image-filter	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-http-perl	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-mail	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-http-xslt-filter	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-http-image-filter	aarch64	1.21.5-4.kb2.ky3_4
nginx	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-stream	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-devel	aarch64	1.21.5-4.kb2.ky3_4

KY3.4-5A

软件名称	架构	版本号
nginx-all-modules	noarch	1.21.5-4.kb2.ky3_4
nginx-filesystem	noarch	1.21.5-4.kb2.ky3_4
nginx-mod-http-perl	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-devel	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-http-xslt-filter	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-stream	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-http-image-filter	x86_64	1.21.5-4.kb2.ky3_4
nginx	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-mail	x86_64	1.21.5-4.kb2.ky3_4
nginx-mod-mail	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-http-perl	aarch64	1.21.5-4.kb2.ky3_4
nginx	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-stream	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-devel	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-http-xslt-filter	aarch64	1.21.5-4.kb2.ky3_4
nginx-mod-http-image-filter	aarch64	1.21.5-4.kb2.ky3_4

KY3.5.2

软件名称	架构	版本号
nginx-all-modules	noarch	1.21.5-6.ky3_5.kb1
nginx-filesystem	noarch	1.21.5-6.ky3_5.kb1
nginx-help	noarch	1.21.5-6.ky3_5.kb1
nginx-mod-http-perl	x86_64	1.21.5-6.ky3_5.kb1
nginx-mod-http-image-filter	x86_64	1.21.5-6.ky3_5.kb1
nginx	x86_64	1.21.5-6.ky3_5.kb1
nginx-mod-stream	x86_64	1.21.5-6.ky3_5.kb1
nginx-mod-mail	x86_64	1.21.5-6.ky3_5.kb1
nginx-mod-http-xslt-filter	x86_64	1.21.5-6.ky3_5.kb1
nginx-mod-devel	x86_64	1.21.5-6.ky3_5.kb1
nginx-mod-http-xslt-filter	aarch64	1.21.5-6.ky3_5.kb1
nginx-mod-http-perl	aarch64	1.21.5-6.ky3_5.kb1
nginx-mod-devel	aarch64	1.21.5-6.ky3_5.kb1
nginx-mod-http-image-filter	aarch64	1.21.5-6.ky3_5.kb1
nginx-mod-mail	aarch64	1.21.5-6.ky3_5.kb1
nginx-mod-stream	aarch64	1.21.5-6.ky3_5.kb1
nginx	aarch64	1.21.5-6.ky3_5.kb1