Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844

Bug #1801982 reported by Thomas Ward on 2018-11-06
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Status tracked in Disco
Xenial
Medium
Unassigned
Bionic
Medium
Unassigned
Cosmic
Medium
Unassigned
Disco
Medium
Thomas Ward

Bug Description

The following was put out in a security advisory notice over nginx-announce's mailing list today:

http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

Hello!

Two security issues were identified in nginx HTTP/2 implementation,
which might cause excessive memory consumption (CVE-2018-16843)
and CPU usage (CVE-2018-16844).

The issues affect nginx compiled with the ngx_http_v2_module (not
compiled by default) if the "http2" option of the "listen" directive is
used in a configuration file.

The issues affect nginx 1.9.5 - 1.15.5.
The issues are fixed in nginx 1.15.6, 1.14.1.

Thanks to Gal Goldshtein from F5 Networks for initial report of the CPU
usage issue.

-----

Based on the version strings specified, the following Ubuntu versions of nginx are affected:

* Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2)
* Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1)
* Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2)
* Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3)

CVE References

Thomas Ward (teward) on 2018-11-06
Changed in nginx (Ubuntu Bionic):
status: New → Confirmed
Changed in nginx (Ubuntu Cosmic):
status: New → Confirmed
Changed in nginx (Ubuntu Xenial):
status: New → Confirmed
Thomas Ward (teward) on 2018-11-06
description: updated
Thomas Ward (teward) on 2018-11-06
Changed in nginx (Ubuntu Xenial):
importance: Undecided → Medium
Changed in nginx (Ubuntu Bionic):
importance: Undecided → Medium
Changed in nginx (Ubuntu Cosmic):
importance: Undecided → Medium
Changed in nginx (Ubuntu Disco):
importance: Undecided → Medium
assignee: nobody → Thomas Ward (teward)
Thomas Ward (teward) on 2018-11-07
Changed in nginx (Ubuntu Xenial):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Bionic):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Cosmic):
status: Confirmed → Fix Released
Thomas Ward (teward) on 2018-11-13
Changed in nginx (Ubuntu Disco):
status: Confirmed → Fix Committed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers