========================================================================== Ubuntu Security Notice USN-4099-1 August 15, 2019 nginx vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: nginx could be made to crash if it received specially crafted network traffic. Software Description: - nginx: small, powerful, scalable web/proxy server Details: Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: nginx-common 1.15.9-0ubuntu1.1 nginx-core 1.15.9-0ubuntu1.1 nginx-extras 1.15.9-0ubuntu1.1 nginx-full 1.15.9-0ubuntu1.1 nginx-light 1.15.9-0ubuntu1.1 Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.4 nginx-core 1.14.0-0ubuntu1.4 nginx-extras 1.14.0-0ubuntu1.4 nginx-full 1.14.0-0ubuntu1.4 nginx-light 1.14.0-0ubuntu1.4 Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.4 nginx-core 1.10.3-0ubuntu0.16.04.4 nginx-extras 1.10.3-0ubuntu0.16.04.4 nginx-full 1.10.3-0ubuntu0.16.04.4 nginx-light 1.10.3-0ubuntu0.16.04.4 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4099-1 CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.15.9-0ubuntu1.1 https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.4 https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.4