Ubuntu
nginx package

  1. Xenial (16.04)
  2. Bug #1801982
  3. Activity log

Activity log for bug #1801982

Date Who What changed Old value New value Message
2018-11-06 18:12:44 Thomas Ward bug added bug
2018-11-06 18:12:58 Thomas Ward cve linked 2018-16843
2018-11-06 18:13:09 Thomas Ward cve linked 2018-16844
2018-11-06 18:13:18 Thomas Ward nominated for series Ubuntu Disco
2018-11-06 18:13:18 Thomas Ward bug task added nginx (Ubuntu Disco)
2018-11-06 18:13:18 Thomas Ward nominated for series Ubuntu Xenial
2018-11-06 18:13:18 Thomas Ward bug task added nginx (Ubuntu Xenial)
2018-11-06 18:13:18 Thomas Ward nominated for series Ubuntu Cosmic
2018-11-06 18:13:18 Thomas Ward bug task added nginx (Ubuntu Cosmic)
2018-11-06 18:13:18 Thomas Ward nominated for series Ubuntu Bionic
2018-11-06 18:13:18 Thomas Ward bug task added nginx (Ubuntu Bionic)
2018-11-06 18:13:25 Thomas Ward nginx (Ubuntu Bionic): status New Confirmed
2018-11-06 18:13:26 Thomas Ward nginx (Ubuntu Cosmic): status New Confirmed
2018-11-06 18:13:28 Thomas Ward nginx (Ubuntu Xenial): status New Confirmed
2018-11-06 18:18:41 Thomas Ward description The following was put out in a security advisory notice over nginx-announce's mailing list today: Hello! Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file. The issues affect nginx 1.9.5 - 1.15.5. The issues are fixed in nginx 1.15.6, 1.14.1. Thanks to Gal Goldshtein from F5 Networks for initial report of the CPU usage issue. ----- Based on the version strings specified, the following Ubuntu versions of nginx are affected: * Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2) * Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1) * Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2) * Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3) The following was put out in a security advisory notice over nginx-announce's mailing list today: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html Hello! Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file. The issues affect nginx 1.9.5 - 1.15.5. The issues are fixed in nginx 1.15.6, 1.14.1. Thanks to Gal Goldshtein from F5 Networks for initial report of the CPU usage issue. ----- Based on the version strings specified, the following Ubuntu versions of nginx are affected: * Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2) * Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1) * Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2) * Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3)
2018-11-06 18:23:58 Thomas Ward nginx (Ubuntu Xenial): importance Undecided Medium
2018-11-06 18:24:00 Thomas Ward nginx (Ubuntu Bionic): importance Undecided Medium
2018-11-06 18:24:01 Thomas Ward nginx (Ubuntu Cosmic): importance Undecided Medium
2018-11-06 18:24:03 Thomas Ward nginx (Ubuntu Disco): importance Undecided Medium
2018-11-06 18:24:07 Thomas Ward nginx (Ubuntu Disco): assignee Thomas Ward (teward)
2018-11-06 18:24:22 Simon Déziel bug added subscriber Simon Déziel
2018-11-07 16:06:40 Thomas Ward nginx (Ubuntu Xenial): status Confirmed Fix Released
2018-11-07 16:06:42 Thomas Ward nginx (Ubuntu Bionic): status Confirmed Fix Released
2018-11-07 16:06:43 Thomas Ward nginx (Ubuntu Cosmic): status Confirmed Fix Released
2018-11-13 15:19:00 Thomas Ward nginx (Ubuntu Disco): status Confirmed Fix Committed
2019-08-07 16:32:37 Steve Beattie nginx (Ubuntu): status Fix Committed Fix Released
2019-08-07 16:32:43 Steve Beattie nginx (Ubuntu Disco): status Fix Committed Fix Released