Thanks Sergey. One question. Which package is exactly affected by this CVE ? is it base nginx package or nginx-extras or nginx-common package ? Also what is the location of this affected resolver.c file in an installed server of ubuntu ?
On Fri, Mar 11, 2022 at 3:00 PM Sergey A. Osokin <o...@freebsd.org.ru> wrote: > Hi Kumar, > > hope you're doing well. > > On Fri, Mar 11, 2022 at 02:48:50PM +0530, Gk Gk wrote: > > Hi, > > > > We work on cloud platforms and we have recently come across an nginx > > vulnerability described at > > > https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html?_ga=2.60788846.2132221914.1646979909-1951211776.1640153145 > > > > We are using Ubuntu 20.04 OS versions which have nginx 1.18 version. We > are > > trying to upgrade > > the nginx version to 1.20.1 where this vulnerability is remediated. But > we > > need nginx-extras as well. But we can't find the nginx-extras package of > > version 1.20. Only 1.18 is available. Can you suggest what is the best > way > > to install nginx 1.20.1 with nginx-extras ? > > It seems like the the CVE-2021-23017 has been fixed with the recent > package update, > > http://changelogs.ubuntu.com/changelogs/pool/main/n/nginx/nginx_1.18.0-0ubuntu1.2/changelog > > Also, I'd recommend to address your question to the maintainer of > the corresponding packages for the Ubuntu Linux. > > Hope that helps. > > -- > Sergey Osokin > _______________________________________________ > nginx-devel mailing list -- nginx-devel@nginx.org > To unsubscribe send an email to nginx-devel-le...@nginx.org >
_______________________________________________ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
