Need information
Gk Gk
ygk.kmr at gmail.com
Fri Mar 11 12:21:21 UTC 2022
Thanks Sergey. One question. Which package is exactly affected by this CVE
? is it base nginx package or nginx-extras or nginx-common package ?
Also what is the location of this affected resolver.c file in an installed
server of ubuntu ?
On Fri, Mar 11, 2022 at 3:00 PM Sergey A. Osokin <osa at freebsd.org.ru> wrote:
> Hi Kumar,
>
> hope you're doing well.
>
> On Fri, Mar 11, 2022 at 02:48:50PM +0530, Gk Gk wrote:
> > Hi,
> >
> > We work on cloud platforms and we have recently come across an nginx
> > vulnerability described at
> >
> https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html?_ga=2.60788846.2132221914.1646979909-1951211776.1640153145
> >
> > We are using Ubuntu 20.04 OS versions which have nginx 1.18 version. We
> are
> > trying to upgrade
> > the nginx version to 1.20.1 where this vulnerability is remediated. But
> we
> > need nginx-extras as well. But we can't find the nginx-extras package of
> > version 1.20. Only 1.18 is available. Can you suggest what is the best
> way
> > to install nginx 1.20.1 with nginx-extras ?
>
> It seems like the the CVE-2021-23017 has been fixed with the recent
> package update,
>
> http://changelogs.ubuntu.com/changelogs/pool/main/n/nginx/nginx_1.18.0-0ubuntu1.2/changelog
>
> Also, I'd recommend to address your question to the maintainer of
> the corresponding packages for the Ubuntu Linux.
>
> Hope that helps.
>
> --
> Sergey Osokin
> _______________________________________________
> nginx-devel mailing list -- nginx-devel at nginx.org
> To unsubscribe send an email to nginx-devel-leave at nginx.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20220311/c5f4ff77/attachment.htm>
More information about the nginx-devel
mailing list