Litaba tse tharo li ile tsa bonoa ho seva sa marang-rang sa nginx (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) e lebisitseng ts'ebelisong e feteletseng ea memori ha o sebelisa module. ngx_http_v2_mojule mme e kenngwa tshebetsong ho tswa ho protocol ya HTTP/2. Bothata bo ama liphetolelo ho tloha ho 1.9.5 ho ea ho 1.17.2. Litokiso li entsoe ho nginx 1.16.1 (kala e tsitsitseng) le 1.17.3 (e tloaelehileng). Mathata a ile a sibolloa ke Jonathan Looney oa Netflix.
Phatlalatso 1.17.3 e kenyelletsa litokiso tse ling tse peli:
- Lokisa: ha u sebelisa compression, melaetsa ea "zero size buf" e ka hlaha ka har'a li-log; Phoso e hlahile ho 1.17.2.
- Lokisa: Phoso ea karohano e ka ba teng ts'ebetsong ea mosebeletsi ha ho sebelisoa taelo ea tharollo ho proxy ea SMTP.
Source: linux.org.ru