Imiba emithathu ichongiwe kwiseva yewebhu ye-nginx (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) ekhokelele ekusebenziseni imemori ngokugqithisileyo xa usebenzisa imodyuli. ngx_http_v2_modyuli kwaye iphunyezwe kwi-HTTP/2 protocol. Ingxaki ichaphazela iinguqulelo ukusuka kwi-1.9.5 ukuya kwi-1.17.2. Ukulungiswa kwenziwa kwi-nginx 1.16.1 (isebe elizinzile) kunye ne-1.17.3 (eqhelekileyo). Iingxaki zafunyanwa nguJonathan Looney weNetflix.
Ukukhutshwa kwe-1.17.3 kubandakanya ukulungiswa okubini ngakumbi:
- Lungisa: xa usebenzisa ucinezelo, imiyalezo ethi "zero size buf" inokuvela kwiilog; I-bug yavela ku-1.17.2.
- Lungisa: Impazamo yokwahlula ingenzeka kwinkqubo yomsebenzi xa kusetyenziswa umkhombandlela womsombululi kummeli we-SMTP.
umthombo: linux.org.ru