An gano batutuwa uku a cikin sabar gidan yanar gizo na nginx (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) wanda ya haifar da yawan ƙwaƙwalwar ajiya yayin amfani da tsarin. ngx_http_v2_module kuma an aiwatar da shi daga ka'idar HTTP/2. Matsalar tana shafar nau'ikan daga 1.9.5 zuwa 1.17.2. An yi gyare-gyare zuwa nginx 1.16.1 (reshe mai tsayayye) da 1.17.3 (na al'ada). Jonathan Looney na Netflix ne ya gano matsalolin.
Sakin 1.17.3 ya haɗa da ƙarin gyare-gyare guda biyu:
- Gyara: lokacin amfani da matsawa, saƙonnin “sifili girman buf” na iya bayyana a cikin rajistan ayyukan; Kwaron ya bayyana a cikin 1.17.2.
- Gyara: Laifin rabuwa zai iya faruwa a cikin tsarin ma'aikaci lokacin amfani da umarnin mai warwarewa a cikin wakili na SMTP.
source: linux.org.ru