ELBA-2021-15078

ELBA-2021-15078 - nginx Bug Fix update

Type: BUG
Severity: NA
Release Date: 2021-06-22

Description


[1:1.20.1-2]
- use different fix for rhbz#1683388 as it introduced permissions issues in 1:1.20.0-2

[1:1.20.1-1]
- update to 1.20.1 (fixes CVE-2021-23017)

[1:1.20.0-4]
- Perl 5.34 rebuild

[1:1.20.0-3]
- Related: #1636235 - centralizing default index.html on nginx

[1:1.20.0-2]
- sync rawhide and EPEL7 spec files again
- systemd service reload now checks config file (rhbz#1565377)
- drop nginx requirement on nginx-all-modules (rhbz#1708799)
- let nginx handle log creation on logrotate (rhbz#1683388)
- have log directory owned by root (rhbz#1390183, CVE-2016-1247)
- remove obsolete --with-ipv6 (src PR#8)
- correction: pcre2 is actually not supported by nginx, reintroduce pcre

[1:1.20.0-1]
- update to 1.20.0
- sync with mainline spec file
- order configure options alphabetically for easier comparing
- add --with-compat option (rhbz#1834452)
- add patch to fix PIDFile race condition (rhbz#1869026)
- use pcre2 instead of pcre (rhbz#1938984)
- add Wants=network-online.target to systemd unit (rhbz#1943779)

[1:1.18.0-5]
- Resolves: #1931402 - drop gperftools module

[1:1.18.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[1:1.18.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[1:1.18.0-2]
- Perl 5.32 rebuild

[1:1.18.0-1]
- Update to 1.18.0
- Increased types_hash_max_size to 4096 in default config
- Add gpg source verification
- Add Recommends: logrotate
- Drop location / from default config (rhbz#1564768)
- Drop default_server from default config (rhbz#1373822)

[1:1.16.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Sun Sep 15 2019 Warren Togami
- add conditionals for EPEL7, see rhbz#1750857

[1:1.16.1-1]
- Update to upstream release 1.16.1
- Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516

[1:1.16.0-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

[1:1.16.0-4]
- Perl 5.30 rebuild

[1.16.0-3]
- Move to common default index.html
- Resolves: rhbz#1636235

[1:1.16.0-2]
- Add missing directory for vim plugin

[1:1.16.0-1]
- Update to upstream release 1.16.0

[1:1.15.9-1]
- Update to upstream release 1.15.9
- Enable ngx_stream_ssl_preread module
- Remove redundant conditionals

[1:1.14.1-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[1:1.14.1-4]
- Rebuilt for libcrypt.so.2 (#1666033)

[1:1.14.1-3]
- fix unexpanded paths in nginx(8)

[1:1.14.1-2]
- new version 1.14.1
- Resolves: #1584426 - Upstream Nginx 1.14.0 is now available
- Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory
disclosure via mp4 module
- Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption
via flaw in HTTP/2 implementation
- Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw
in HTTP/2 implementation

[1:1.12.1-14]
- add requires on perl(constant) for mod-http-perl

[1:1.12.1-13]
- don't build with geoip by default

[1:1.12.1-12]
- add build conditional for geoip support

[1:1.12.1-11]
- Add gcc to BuildRequires to account for
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot

[1:1.12.1-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[1:1.12.1-9]
- Perl 5.28 rebuild

[1:1.12.1-8]
- Related: #1573942 - nginx fails on start

[1:1.12.1-7]
- Resolves: #1573942 - nginx fails on start

[1:1.12.1-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1:1.12.1-5]
- Add patch to apply glibc bugfix if really needed only
- Disable strict symbol checks in the link editor

[1:1.12.1-4]
- Rebuilt for switch to libxcrypt

[1:1.12.1-3]
- rebuild

[1:1.12.1-2]
- own system drop-in directories #1493036

[1:1.12.1-1]
- update to 1.12.1 (#1469924)
- enable http_auth_request_module (Tim Niemueller, #1471106)

[1:1.12.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1:1.12.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1:1.12.0-2]
- Perl 5.26 rebuild

[1:1.12.0-1]
- new version 1.12.0

[1:1.10.3-1]
- update to upstream release 1.10.3

[1:1.10.2-1]
- update to upstream release 1.10.2

[1:1.10.1-1]
- update to upstream release 1.10.1

[1:1.10.0-4]
- Perl 5.24 rebuild

[1:1.10.0-3]
- Enable AIO on aarch64 (rhbz 1258414)

[1:1.10.0-2]
- only Require nginx-all-modules for EPEL and current Fedora releases

[1:1.10.0-1]
- update to upstream release 1.10.0
- split dynamic modules into subpackages
- spec file cleanup

[1:1.8.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[1:1.8.1-1]
- update to upstream release 1.8.1
- CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
- CVE-2016-0746: Use-after-free during CNAME response processing in resolver
- CVE-2016-0742: Invalid pointer dereference in resolver

[1:1.8.0-14]
- consistently use '%global with_foo' style of logic
- remove PID file before starting nginx (#1268621)

[1:1.8.0-13]
- Use nginx-mimetypes from mailcap (#1248736)
- Mark LICENSE as %license

[1:1.8.0-12]
- also build with gperftools on aarch64 (#1258412)

[1:1.8.0-11]
- nginx.conf: added commented-out SSL configuration directives (#1179232)

[1:1.8.0-10]
- switch back to /bin/kill in logrotate script due to SELinux denials

[1:1.8.0-9]
- fix path to png in error pages (#1232277)
- optimize png images with optipng

[1:1.8.0-8]
- replace /bin/kill with /usr/bin/systemctl kill in logrotate script (#1231543)
- remove After=syslog.target in nginx.service (#1231543)
- replace ExecStop with KillSignal=SIGQUIT in nginx.service (#1231543)

[1:1.8.0-7]
- Perl 5.22 rebuild

[1:1.8.0-6]
- revert previous change

[1:1.8.0-5]
- move default server to default.conf (#1220094)

[1:1.8.0-4]
- add TimeoutStopSec=5 and KillMode=mixed to nginx.service
- set worker_processes to auto
- add some common options to the http block in nginx.conf
- run nginx-upgrade on package update
- remove some redundant scriptlet commands
- listen on ipv6 for default server (#1217081)

[1:1.8.0-3]
- improve nginx-upgrade script

[1:1.8.0-2]
- add --with-pcre-jit

[1:1.8.0-1]
- update to upstream release 1.8.0

[1:1.7.12-1]
- update to upstream release 1.7.12

[1:1.7.10-1]
- update to upstream release 1.7.10
- remove systemd conditionals

[1:1.6.2-4]
- fix package ownership of directories

[1:1.6.2-3]
- add vim files (#1142849)

[1:1.6.2-2]
- create nginx-filesystem subpackage (patch from Remi Collet)
- create /etc/nginx/default.d as a drop-in directory for configuration files
for the default server block
- clean up nginx.conf

[1:1.6.2-1]
- update to upstream release 1.6.2
- CVE-2014-3616 nginx: virtual host confusion (#1142573)

[1:1.6.1-4]
- Perl 5.20 rebuild

[1:1.6.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[1:1.6.1-2]
- add logic for EPEL 7

[1:1.6.1-1]
- update to upstream release 1.6.1
- (#1126891) CVE-2014-3556: SMTP STARTTLS plaintext injection flaw

[1:1.6.0-3]
- Fix FTBFS on aarch64 (#1115559)

[1:1.6.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[1:1.6.0-1]
- update to upstream release 1.6.0

[1:1.4.7-1]
- update to upstream release 1.4.7

[1:1.4.6-1]
- update to upstream release 1.4.6

[1:1.4.5-2]
- avoid multiple index directives (#1065488)

[1:1.4.5-1]
- update to upstream release 1.4.5

[1:1.4.4-1]
- Update to upstream release 1.4.4
- Security fix BZ 1032267

[1:1.4.3-1]
- update to upstream release 1.4.3

[1:1.4.2-3]
- Add in conditionals to build for non-systemd targets

[1:1.4.2-2]
- Perl 5.18 rebuild

[1:1.4.2-1]
- update to upstream release 1.4.2

[1:1.4.1-3]
- Perl 5.18 rebuild

[1:1.4.1-2]
- rebuild for new GD 2.1.0

[1:1.4.1-1]
- update to upstream release 1.4.1 (#960605, #960606):
CVE-2013-2028 stack-based buffer overflow when handling certain chunked
transfer encoding requests

[1:1.4.0-2]
- gperftools exist only on selected arches

[1:1.4.0-1]
- update to upstream release 1.4.0
- enable SPDY module (new in this version)
- enable http gunzip module (new in this version)
- enable google perftools module and add gperftools-devel to BR
- enable debugging (#956845)
- trim changelog

[1:1.2.8-1]
- update to upstream release 1.2.8

[1:1.2.7-2]
- make sure nginx directories are not world readable (#913724, #913735)

[1:1.2.7-1]
- update to upstream release 1.2.7
- add .asc file

[1:1.2.6-6]
- use 'kill' instead of 'systemctl' when rotating log files to workaround
SELinux issue (#889151)

[1:1.2.6-5]
- uncomment 'include /etc/nginx/conf.d/*.conf' by default but leave the
conf.d directory empty (#903065)

[1:1.2.6-4]
- add comment in nginx.conf regarding 'include /etc/nginx/conf.d/*.conf'
(#903065)

[1:1.2.6-3]
- use correct file ownership when rotating log files

[1:1.2.6-2]
- send correct kill signal and use correct file permissions when rotating
log files (#888225)
- send correct kill signal in nginx-upgrade

[1:1.2.6-1]
- update to upstream release 1.2.6

[1:1.2.5-1]
- update to upstream release 1.2.5

[1:1.2.4-1]
- update to upstream release 1.2.4
- introduce new systemd-rpm macros (#850228)
- link to official documentation not the community wiki (#870733)
- do not run systemctl try-restart after package upgrade to allow the
administrator to run nginx-upgrade and avoid downtime
- add nginx man page (#870738)
- add nginx-upgrade man page and remove README.fedora
- remove chkconfig from Requires(post/preun)
- remove initscripts from Requires(preun/postun)
- remove separate configuration files in '/etc/nginx/conf.d' directory
and revert to upstream default of a centralized nginx.conf file
(#803635) (#842738)

[1:1.2.3-1]
- update to upstream release 1.2.3

[1:1.2.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1:1.2.1-2]
- Perl 5.16 rebuild

[1:1.2.1-1]
- update to upstream release 1.2.1

[1:1.2.0-2]
- Perl 5.16 rebuild

[1:1.2.0-1]
- update to upstream release 1.2.0

[1:1.0.15-4]
- add nginx-upgrade to replace functionality from the nginx initscript
that was lost after migration to systemd
- add README.fedora to describe usage of nginx-upgrade
- nginx.logrotate: use built-in systemd kill command in postrotate script
- nginx.service: start after syslog.target and network.target
- nginx.service: remove unnecessary references to config file location
- nginx.service: use /bin/kill instead of '/usr/sbin/nginx -s' following
advice from nginx-devel
- nginx.service: use private /tmp

[1:1.0.15-3]
- fix incorrect postrotate script in nginx.logrotate

[1:1.0.15-2]
- re-enable auto-cc-gcc patch due to warnings on rawhide

[1:1.0.15-1]
- update to upstream release 1.0.15
- no need to apply auto-cc-gcc patch
- add %global _hardened_build 1

[1:1.0.14-1]
- update to upstream release 1.0.14
- amend some %changelog formatting

[1:1.0.13-1]
- update to upstream release 1.0.13
- amend --pid-path and --log-path

[1:1.0.12-5]
- change pid path in nginx.conf to match systemd service file

[1:1.0.12-3]
- fix %pre scriptlet

[1:1.0.12-2]
- update upstream URL
- replace %define with %global
- remove obsolete BuildRoot tag, %clean section and %defattr
- remove various unnecessary commands
- add systemd service file and update scriptlets
- add Epoch to accommodate %triggerun as part of systemd migration

[1.0.12-1]
- Update to 1.0.12

[1.0.10-1]
- Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes.
- Bugfix: in cache key calculation if internal MD5 implementation was used; the bug had appeared in 1.0.4.
- Bugfix: the module ngx_http_mp4_module sent incorrect 'Content-Length' response header line if the 'start' argument was used. Thanks to Piotr Sikora.

[1.0.8-1]
- Update to new 1.0.8 stable release

[1.0.5-1]
- Update nginx to Latest Stable Release

[1.0.0-3]
- Perl mass rebuild

[1.0.0-2]
- Perl 5.14 mass rebuild

[1.0.0-1]
- Update to 1.0.0

[0.8.53-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[0.8.53.5]
- Extract out default config into its own file (bug #635776)

[0.8.53-4]
- Revert ownership of log dir

[0.8.53-3]
- Change ownership of /var/log/nginx to be 0700 nginx:nginx
- update init script to use killproc -p
- add reopen_logs command to init script
- update init script to use nginx -q option

[0.8.53-2]
- Fix linking of perl module

[0.8.53-1]
- Update to new stable 0.8.53

[0.7.67-2]
- add Provides: webserver (bug #619693)

[0.7.67-1]
- Update to new stable 0.7.67
- fix bugzilla #591543

[0.7.65-2]
- Mass rebuild with perl-5.12.0

[0.7.65-1]
- Update to new stable 0.7.65
- change ownership of logdir to root:root
- add support for ipv6 (bug #561248)
- add random_index_module
- add secure_link_module

[0.7.64-1]
- Update to new stable 0.7.64




Updated Packages


Release/Architecture     Filename                                             MD5sum                            Superseded By Advisory
Oracle Linux 7 (x86_64)  nginx-1.20.1-2.el7.src.rpm                           759f68a108c9c930986d025e547d9780  -
                         nginx-1.20.1-2.el7.x86_64.rpm                        c67836dbbc00fb143e49123d84ac224a  -
                         nginx-all-modules-1.20.1-2.el7.noarch.rpm            7167ef30b79c273d5cf9116918b6696a  -
                         nginx-filesystem-1.20.1-2.el7.noarch.rpm             723ef60bfd7d6a198f4468c25aef34f1  -
                         nginx-mod-http-image-filter-1.20.1-2.el7.x86_64.rpm  c54f5770e625197725dcbd3698eecb58  -
                         nginx-mod-http-perl-1.20.1-2.el7.x86_64.rpm          a85f3fcc0fe8868e18bc4ecc5401576a  -
                         nginx-mod-http-xslt-filter-1.20.1-2.el7.x86_64.rpm   f13bd01bb932b4523d6f9f4a10011552  -
                         nginx-mod-mail-1.20.1-2.el7.x86_64.rpm               787a761a3914931a4575fbb4647389fc  -
                         nginx-mod-stream-1.20.1-2.el7.x86_64.rpm             2f05cf6f4e47aedefe969dc580e177b5  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.