nginx 1.10.3-0ubuntu0.16.04.3 source package in Ubuntu

Changelog

nginx (1.10.3-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
    - debian/patches/CVE-2018-16843.patch: add flood detection in
      src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16843
  * SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
    - debian/patches/CVE-2018-16844-pre.patch: backport new
      http2_max_requests directive.
    - debian/patches/CVE-2018-16844.patch: limit the number of idle state
      switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    - CVE-2018-16844
  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden>  Tue, 06 Nov 2018 13:55:13 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2018-11-06
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2018-11-07 main web
Xenial security on 2018-11-07 main web

Downloads

File Size SHA-256 Checksum
nginx_1.10.3.orig.tar.gz 890.1 KiB 75020f1364cac459cb733c4e1caed2d00376e40ea05588fb8793076a4c69dd90
nginx_1.10.3-0ubuntu0.16.04.3.debian.tar.xz 637.2 KiB 94ed670ffe627f67e2a550a61bbe175116275606b0939f80f09b3fb1a0181d3b
nginx_1.10.3-0ubuntu0.16.04.3.dsc 3.1 KiB d2da26780376fc68b39fbd76c4831db1db383d5dbc5190c07194a253bfab7499

View changes file

Binary packages built by this source

nginx: small, powerful, scalable web/proxy server

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This is a dependency package to install either nginx-core (by default),
 nginx-full, nginx-light, or nginx-extras.

nginx-common: small, powerful, scalable web/proxy server - common files

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package contains base configuration files used by all versions of
 nginx.

nginx-core: nginx web/proxy server (core version)

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a version of nginx with the complete set of
 standard modules included (but omitting some of those included in
 nginx-extras).
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty
 GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
 Referer, Rewrite, SCGI, Split Clients, UWSGI.
 .
 OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP, Gunzip,
 Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, Real IP,
 SSI, SSL, Stream, Stub Status, Substitution, Thread Pool, Upstream, User ID,
 XSLT.
 .
 MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP.
 .
 NOTE: This is identical to the -full build, but without any third party
 modules built in.

nginx-core-dbg: nginx web/proxy server (core version) - debugging symbols

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides debugging symbols for nginx-core, to assist in debugging
 issues that you may find. It should not be required for normal operation.

nginx-core-dbgsym: debug symbols for package nginx-core

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a version of nginx with the complete set of
 standard modules included (but omitting some of those included in
 nginx-extras).
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty
 GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
 Referer, Rewrite, SCGI, Split Clients, UWSGI.
 .
 OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP, Gunzip,
 Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, Real IP,
 SSI, SSL, Stream, Stub Status, Substitution, Thread Pool, Upstream, User ID,
 XSLT.
 .
 MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP.
 .
 NOTE: This is identical to the -full build, but without any third party
 modules built in.

nginx-doc: small, powerful, scalable web/proxy server - documentation

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides extra documentation to help unleash the power of Nginx.

nginx-extras: nginx web/proxy server (extended version)

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a version of nginx with the standard modules, plus
 extra features and modules such as the Perl module, which allows the
 addition of Perl in configuration files.
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty
 GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
 Referer, Rewrite, SCGI, Split Clients, UWSGI.
 .
 OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, FLV, GeoIP,
 Gunzip, Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log,
 MP4, Embedded Perl, Random Index, Real IP, Secure Link, SSI, SSL, Stream,
 Stub Status, Substitution, Thread Pool, Upstream, User ID, XSLT.
 .
 MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP.
 .
 THIRD PARTY MODULES: Auth PAM, Cache Purge, DAV Ext, Echo, Fancy Index,
 Headers More, Embedded Lua, HTTP Push, HTTP Substitutions, Upload Progress,
 Upstream Fair Queue.

nginx-extras-dbg: nginx web/proxy server (extended version) - debugging symbols

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides debugging symbols for nginx-extras, to assist in
 debugging issues that you may find. It should not be required for normal
 operation.

nginx-extras-dbgsym: debug symbols for package nginx-extras

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a version of nginx with the standard modules, plus
 extra features and modules such as the Perl module, which allows the
 addition of Perl in configuration files.
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty
 GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
 Referer, Rewrite, SCGI, Split Clients, UWSGI.
 .
 OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, FLV, GeoIP,
 Gunzip, Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log,
 MP4, Embedded Perl, Random Index, Real IP, Secure Link, SSI, SSL, Stream,
 Stub Status, Substitution, Thread Pool, Upstream, User ID, XSLT.
 .
 MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP.
 .
 THIRD PARTY MODULES: Auth PAM, Cache Purge, DAV Ext, Echo, Fancy Index,
 Headers More, Embedded Lua, HTTP Push, HTTP Substitutions, Upload Progress,
 Upstream Fair Queue.

nginx-full: nginx web/proxy server (standard version)

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a version of nginx with the complete set of
 standard modules included (but omitting some of those included in
 nginx-extra).
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty
 GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
 Referer, Rewrite, SCGI, Split Clients, UWSGI.
 .
 OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP, Gunzip,
 Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, Real IP,
 SSI, SSL, Stream, Stub Status, Substitution, Thread Pool, Upstream, User ID,
 XSLT.
 .
 MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP.
 .
 THIRD PARTY MODULES: Auth PAM, DAV Ext, Echo, HTTP Substitutions, Upstream
 Fair Queue.

nginx-full-dbg: nginx web/proxy server (standard version) - debugging symbols

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides debugging symbols for nginx-full, to assist in debugging
 issues that you may find. It should not be required for normal operation.

nginx-full-dbgsym: debug symbols for package nginx-full

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a version of nginx with the complete set of
 standard modules included (but omitting some of those included in
 nginx-extra).
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty
 GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy,
 Referer, Rewrite, SCGI, Split Clients, UWSGI.
 .
 OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP, Gunzip,
 Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, Real IP,
 SSI, SSL, Stream, Stub Status, Substitution, Thread Pool, Upstream, User ID,
 XSLT.
 .
 MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP.
 .
 THIRD PARTY MODULES: Auth PAM, DAV Ext, Echo, HTTP Substitutions, Upstream
 Fair Queue.

nginx-light: nginx web/proxy server (basic version)

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a very light version of nginx with only the
 minimal set of features and modules.
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Empty GIF,
 FastCGI, Map, Proxy, Rewrite.
 .
 OPTIONAL HTTP MODULES: Auth Request, Charset, Gzip, Gzip Precompression,
 Headers, Index, Log, Real IP, SSL, Stub Status, Upstream.
 .
 THIRD PARTY MODULES: Echo.

nginx-light-dbg: nginx web/proxy server (basic version) - debugging symbols

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides debugging symbols for nginx-light, to assist in
 debugging issues that you may find. It should not be required for normal
 operation.

nginx-light-dbgsym: debug symbols for package nginx-light

 Nginx ("engine X") is a high-performance web and reverse proxy server
 created by Igor Sysoev. It can be used both as a standalone web server
 and as a proxy to reduce the load on back-end HTTP or mail servers.
 .
 This package provides a very light version of nginx with only the
 minimal set of features and modules.
 .
 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Empty GIF,
 FastCGI, Map, Proxy, Rewrite.
 .
 OPTIONAL HTTP MODULES: Auth Request, Charset, Gzip, Gzip Precompression,
 Headers, Index, Log, Real IP, SSL, Stub Status, Upstream.
 .
 THIRD PARTY MODULES: Echo.