Ubuntu
nginx package

Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844

  1. Cosmic (18.10)
  2. Bug #1801982
Bug #1801982 reported by Thomas Ward
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Fix Released
Medium
Thomas Ward
Xenial
Fix Released
Medium
Unassigned
Bionic
Fix Released
Medium
Unassigned
Cosmic
Fix Released
Medium
Unassigned
Disco
Fix Released
Medium
Thomas Ward

Bug Description

The following was put out in a security advisory notice over nginx-announce's mailing list today:

http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

Hello!

Two security issues were identified in nginx HTTP/2 implementation,
which might cause excessive memory consumption (CVE-2018-16843)
and CPU usage (CVE-2018-16844).

The issues affect nginx compiled with the ngx_http_v2_module (not
compiled by default) if the "http2" option of the "listen" directive is
used in a configuration file.

The issues affect nginx 1.9.5 - 1.15.5.
The issues are fixed in nginx 1.15.6, 1.14.1.

Thanks to Gal Goldshtein from F5 Networks for initial report of the CPU
usage issue.

-----

Based on the version strings specified, the following Ubuntu versions of nginx are affected:

* Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2)
* Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1)
* Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2)
* Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3)

See original description

CVE References

Thomas Ward (teward)
Changed in nginx (Ubuntu Bionic):
status: New → Confirmed
Changed in nginx (Ubuntu Cosmic):
status: New → Confirmed
Changed in nginx (Ubuntu Xenial):
status: New → Confirmed
Thomas Ward (teward)
description: updated
Thomas Ward (teward)
Changed in nginx (Ubuntu Xenial):
importance: Undecided → Medium
Changed in nginx (Ubuntu Bionic):
importance: Undecided → Medium
Changed in nginx (Ubuntu Cosmic):
importance: Undecided → Medium
Changed in nginx (Ubuntu Disco):
importance: Undecided → Medium
assignee: nobody → Thomas Ward (teward)
Thomas Ward (teward)
Changed in nginx (Ubuntu Xenial):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Bionic):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Cosmic):
status: Confirmed → Fix Released
Thomas Ward (teward)
Changed in nginx (Ubuntu Disco):
status: Confirmed → Fix Committed
Revision history for this message
Steve Beattie (sbeattie) wrote :

These were addressed in disco in 1.15.6-0ubuntu1, closing. Thanks!

Changed in nginx (Ubuntu):
status: Fix Committed → Fix Released
Changed in nginx (Ubuntu Disco):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.