Nkhani zitatu zidadziwika mu seva ya nginx (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) zomwe zidapangitsa kuti pakhale kukumbukira kwambiri mukamagwiritsa ntchito gawoli. ngx_http_v2_module ndi kukhazikitsidwa kuchokera ku HTTP/2 protocol. Vutoli limakhudza mitundu yochokera ku 1.9.5 mpaka 1.17.2. Zokonza zidapangidwa ku nginx 1.16.1 (nthambi yokhazikika) ndi 1.17.3 (yambiri). Mavutowa adapezeka ndi Jonathan Looney wa Netflix.
Kutulutsidwa kwa 1.17.3 kumaphatikizapo kukonza kwina kuwiri:
- Konzani: mukamagwiritsa ntchito kuponderezana, mauthenga a "zero size buf" amatha kuwonekera muzopika; Vutoli lidawonekera mu 1.17.2.
- Konzani: Kulakwitsa kwa magawo kungachitike pakachitidwe kantchito mukamagwiritsa ntchito njira yosinthira mu projekiti ya SMTP.
Source: linux.org.ru