Mercurial > hg > nginx-site
changeset 2416:eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 13 Aug 2019 20:00:02 +0300 |
parents | f5f0d3fe3608 |
children | e35ed485070d |
files | text/en/CHANGES text/en/CHANGES-1.16 text/ru/CHANGES.ru text/ru/CHANGES.ru-1.16 xml/en/security_advisories.xml xml/index.xml xml/versions.xml |
diffstat | 7 files changed, 75 insertions(+), 0 deletions(-) |
--- a/text/en/CHANGES Tue Aug 13 19:01:32 2019 +0300 +++ b/text/en/CHANGES Tue Aug 13 20:00:02 2019 +0300 @@ -1,4 +1,17 @@ +Changes with nginx 1.17.3 13 Aug 2019 + + *) Security: when using HTTP/2 a client might cause excessive memory + consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, + CVE-2019-9516). + + *) Bugfix: "zero size buf" alerts might appear in logs when using + gzipping; the bug had appeared in 1.17.2. + + *) Bugfix: a segmentation fault might occur in a worker process if the + "resolver" directive was used in SMTP proxy. + + Changes with nginx 1.17.2 23 Jul 2019 *) Change: minimum supported zlib version is 1.2.0.4.
--- a/text/en/CHANGES-1.16 Tue Aug 13 19:01:32 2019 +0300 +++ b/text/en/CHANGES-1.16 Tue Aug 13 20:00:02 2019 +0300 @@ -1,4 +1,11 @@ +Changes with nginx 1.16.1 13 Aug 2019 + + *) Security: when using HTTP/2 a client might cause excessive memory + consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, + CVE-2019-9516). + + Changes with nginx 1.16.0 23 Apr 2019 *) 1.16.x stable branch.
--- a/text/ru/CHANGES.ru Tue Aug 13 19:01:32 2019 +0300 +++ b/text/ru/CHANGES.ru Tue Aug 13 20:00:02 2019 +0300 @@ -1,4 +1,17 @@ +Изменения в nginx 1.17.3 13.08.2019 + + *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное + потребление памяти и ресурсов процессора (CVE-2019-9511, + CVE-2019-9513, CVE-2019-9516). + + *) Исправление: при использовании сжатия в логах могли появляться + сообщения "zero size buf"; ошибка появилась в 1.17.2. + + *) Исправление: при использовании директивы resolver в SMTP + прокси-сервере в рабочем процессе мог произойти segmentation fault. + + Изменения в nginx 1.17.2 23.07.2019 *) Изменение: минимальная поддерживаемая версия zlib - 1.2.0.4.
--- a/text/ru/CHANGES.ru-1.16 Tue Aug 13 19:01:32 2019 +0300 +++ b/text/ru/CHANGES.ru-1.16 Tue Aug 13 20:00:02 2019 +0300 @@ -1,4 +1,11 @@ +Изменения в nginx 1.16.1 13.08.2019 + + *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное + потребление памяти и ресурсов процессора (CVE-2019-9511, + CVE-2019-9513, CVE-2019-9516). + + Изменения в nginx 1.16.0 23.04.2019 *) Стабильная ветка 1.16.x.
--- a/xml/en/security_advisories.xml Tue Aug 13 19:01:32 2019 +0300 +++ b/xml/en/security_advisories.xml Tue Aug 13 20:00:02 2019 +0300 @@ -24,6 +24,27 @@ <security> +<item name="Excessive CPU usage in HTTP/2 with small window updates" + severity="medium" + cve="2019-9511" + good="1.17.3+, 1.16.1+" + vulnerable="1.9.5-1.17.2"> +</item> + +<item name="Excessive CPU usage in HTTP/2 with priority changes" + severity="low" + cve="2019-9513" + good="1.17.3+, 1.16.1+" + vulnerable="1.9.5-1.17.2"> +</item> + +<item name="Excessive memory usage in HTTP/2 with zero length headers" + severity="low" + cve="2019-9516" + good="1.17.3+, 1.16.1+" + vulnerable="1.9.5-1.17.2"> +</item> + <item name="Excessive memory usage in HTTP/2" severity="low" advisory="http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"
--- a/xml/index.xml Tue Aug 13 19:01:32 2019 +0300 +++ b/xml/index.xml Tue Aug 13 20:00:02 2019 +0300 @@ -9,6 +9,18 @@ <event date="2019-08-13"> <para> +<link doc="en/download.xml">nginx-1.16.1</link> +stable and +<link doc="en/download.xml">nginx-1.17.3</link> +mainline versions have been released, +with fixes for +<link doc="en/security_advisories.xml">vulnerabilities in HTTP/2</link> +(CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). +</para> +</event> + +<event date="2019-08-13"> +<para> <link doc="en/docs/njs/index.xml">njs-0.3.4</link> version has been released, featuring getter/setter literals support
--- a/xml/versions.xml Tue Aug 13 19:01:32 2019 +0300 +++ b/xml/versions.xml Tue Aug 13 20:00:02 2019 +0300 @@ -9,6 +9,7 @@ <download tag="mainline" changes=""> +<item ver="1.17.3" /> <item ver="1.17.2" /> <item ver="1.17.1" /> <item ver="1.17.0" /> @@ -18,6 +19,7 @@ <download tag="stable" changes="1.16"> +<item ver="1.16.1" /> <item ver="1.16.0" /> <item ver="1.15.12" /> <item ver="1.15.11" />
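Review bot: in xml/en/security_advisories.xml, the three new <item> entries have no advisory attribute, while the existing "Excessive memory usage in HTTP/2" item directly below them links its nginx-announce post through advisory="...". If an announcement exists for CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516, add the same attribute to each item; as written, the item name is the only description a reader gets. Also note that vulnerable="1.9.5-1.17.2" numerically contains 1.16.1, which good="1.17.3+, 1.16.1+" lists as fixed, so anything that consumes this file has to evaluate good before vulnerable; a short comment in the file saying so would help.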
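Review bot: in text/en/CHANGES and text/en/CHANGES-1.16 (and the text/ru counterparts), the single Security entry groups all three CVEs under "excessive memory consumption and CPU usage", while security_advisories.xml in this same changeset separates them: CVE-2019-9511 (small window updates) and CVE-2019-9513 (priority changes) are CPU usage, CVE-2019-9516 (zero length headers) is memory usage, and only CVE-2019-9511 is rated medium. Someone triaging from CHANGES alone cannot tell which issue carries the higher severity; consider having the index.xml news item, which already links en/security_advisories.xml, say that the per-CVE breakdown and affected versions are listed there.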