Vulmon
Amazon Linux 2 Security Advisory: ALASNGINX1-2023-003
Advisory Release Date: 2023-08-07 06:17 Pacific
Advisory Updated Date: 2023-09-25 22:08 Pacific
Severity:
Important
Issue Overview:
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017)
Affected Packages:
nginx
Issue Correction:
Run yum update nginx to update your system.
New Packages:
aarch64:
nginx-1.20.0-2.amzn2.0.3.aarch64
nginx-mod-http-geoip-1.20.0-2.amzn2.0.3.aarch64
nginx-mod-http-image-filter-1.20.0-2.amzn2.0.3.aarch64
nginx-mod-http-perl-1.20.0-2.amzn2.0.3.aarch64
nginx-mod-http-xslt-filter-1.20.0-2.amzn2.0.3.aarch64
nginx-mod-mail-1.20.0-2.amzn2.0.3.aarch64
nginx-mod-stream-1.20.0-2.amzn2.0.3.aarch64
nginx-debuginfo-1.20.0-2.amzn2.0.3.aarch64
noarch:
nginx-all-modules-1.20.0-2.amzn2.0.3.noarch
nginx-filesystem-1.20.0-2.amzn2.0.3.noarch
src:
nginx-1.20.0-2.amzn2.0.3.src
x86_64:
nginx-1.20.0-2.amzn2.0.3.x86_64
nginx-mod-http-geoip-1.20.0-2.amzn2.0.3.x86_64
nginx-mod-http-image-filter-1.20.0-2.amzn2.0.3.x86_64
nginx-mod-http-perl-1.20.0-2.amzn2.0.3.x86_64
nginx-mod-http-xslt-filter-1.20.0-2.amzn2.0.3.x86_64
nginx-mod-mail-1.20.0-2.amzn2.0.3.x86_64
nginx-mod-stream-1.20.0-2.amzn2.0.3.x86_64
nginx-debuginfo-1.20.0-2.amzn2.0.3.x86_64