Kunezinkinga ezintathu ezikhonjwe kuseva yewebhu ye-nginx (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) okuholele ekusetshenzisweni kwenkumbulo ngokweqile lapho usebenzisa imodyuli. ngx_http_v2_module futhi isetshenziswe kusukela kuphrothokholi ye-HTTP/2. Inkinga ithinta izinguqulo ezisuka ku-1.9.5 kuye ku-1.17.2. Ukulungiswa kwenziwe ku-nginx 1.16.1 (igatsha elizinzile) kanye ne-1.17.3 (ejwayelekile). Izinkinga zitholwe nguJonathan Looney weNetflix.
Ukukhishwa okungu-1.17.3 kufaka phakathi okunye ukulungiswa okubili:
- Lungisa: uma usebenzisa ukucindezela, imilayezo ethi "zero size buf" ingavela kulogi; Isiphazamisi sivele ku-1.17.2.
- Lungisa: Iphutha lokuhlukaniswa lingenzeka kunqubo yesisebenzi uma kusetshenziswa isiyalo sesixazululi kummeleli we-SMTP.
Source: linux.org.ru