Package: nginx / 1.14.2-2+deb10u1

Metadata

Package: nginx
Version: 1.14.2-2+deb10u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0002 Make sure signature stays the same in all nginx buil.patch

configure | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

Make sure signature stays the same in all nginx builds

NGX_HTTP_HEADERS is part of nginx signature. When a dyn
module is loaded the signature of the module is compared
to the one of the nginx binary.

dyn modules are built from nginx-full, so in order to make
them loadable in other flavors we need to make sure all the
binaries share the same signature.

0003 define_gnu_source on other glibc based platforms.patch

src/os/unix/ngx_posix_config.h | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

Use _GNU_SOURCE on GNU/kFreeBSD

Define _GNU_SOURCE not only on GNU/Hurd, but also other glibc-based
platforms including GNU/kFreeBSD.

CVE 2019 9516.patch

src/http/v2/ngx_http_v2.c | 12 8 + 4 - 0 !
1 file changed, 8 insertions(+), 4 deletions(-)

[PATCH 1/3] HTTP/2: reject zero length headers with PROTOCOL_ERROR.

Fixed uncontrolled memory growth if peer sends a stream of
headers with a 0-length header name and 0-length header value.
Fix is to reject headers with zero name length.

CVE 2019 9511.patch

src/http/v2/ngx_http_v2.c | 2 2 + 0 - 0 !
src/http/v2/ngx_http_v2.h | 2 2 + 0 - 0 !
src/http/v2/ngx_http_v2_filter_module.c | 22 17 + 5 - 0 !
3 files changed, 21 insertions(+), 5 deletions(-)

[PATCH 2/3] HTTP/2: limited number of DATA frames.

Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.

CVE 2019 9513.patch

src/http/v2/ngx_http_v2.c | 10 10 + 0 - 0 !
src/http/v2/ngx_http_v2.h | 1 1 + 0 - 0 !
2 files changed, 11 insertions(+)

[PATCH 3/3] HTTP/2: limited number of PRIORITY frames.

Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams.  Fix is to limit the number of PRIORITY frames.