group.of.nepali.translators team mailing list archive

[Steve Beattie <sbeattie@xxxxxxxxxx>]

These were addressed in disco in 1.15.6-0ubuntu1, closing. Thanks!

** Changed in: nginx (Ubuntu)
       Status: Fix Committed => Fix Released

** Changed in: nginx (Ubuntu Disco)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1801982

Title:
  Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844

Status in nginx package in Ubuntu:
  Fix Released
Status in nginx source package in Xenial:
  Fix Released
Status in nginx source package in Bionic:
  Fix Released
Status in nginx source package in Cosmic:
  Fix Released
Status in nginx source package in Disco:
  Fix Released

Bug description:
  The following was put out in a security advisory notice over nginx-
  announce's mailing list today:

  http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

  Hello!

  Two security issues were identified in nginx HTTP/2 implementation,
  which might cause excessive memory consumption (CVE-2018-16843)
  and CPU usage (CVE-2018-16844).

  The issues affect nginx compiled with the ngx_http_v2_module (not
  compiled by default) if the "http2" option of the "listen" directive is
  used in a configuration file.

  The issues affect nginx 1.9.5 - 1.15.5.
  The issues are fixed in nginx 1.15.6, 1.14.1.

  Thanks to Gal Goldshtein from F5 Networks for initial report of the CPU
  usage issue.

  -----

  Based on the version strings specified, the following Ubuntu versions
  of nginx are affected:

  * Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2)
  * Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1)
  * Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2)
  * Disco  (1.15.0-0ubuntu1, 1.15.0-0ubuntu3)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801982/+subscriptions