[El-errata] ELSA-2019-2799 Important: Oracle Linux 8 nginx:1.14 security update

Thu Sep 19 16:53:26 PDT 2019

Oracle Linux Security Advisory ELSA-2019-2799

http://linux.oracle.com/errata/ELSA-2019-2799.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
nginx-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.x86_64.rpm
nginx-all-modules-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.noarch.rpm
nginx-filesystem-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.noarch.rpm
nginx-mod-http-image-filter-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.x86_64.rpm
nginx-mod-http-perl-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.x86_64.rpm
nginx-mod-http-xslt-filter-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.x86_64.rpm
nginx-mod-mail-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.x86_64.rpm
nginx-mod-stream-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.x86_64.rpm

aarch64:
nginx-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.aarch64.rpm
nginx-all-modules-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.noarch.rpm
nginx-filesystem-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.noarch.rpm
nginx-mod-http-image-filter-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.aarch64.rpm
nginx-mod-http-perl-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.aarch64.rpm
nginx-mod-http-xslt-filter-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.aarch64.rpm
nginx-mod-mail-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.aarch64.rpm
nginx-mod-stream-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nginx-1.14.1-9.0.1.module+el8.0.0+5347+9282027e.src.rpm

Description of changes:

[1:1.14.1-9.0.1]
- Remove Red Hat references [Orabug: 29498217]

[1:1.14.1-9]
- Resolves: #1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large 
amount of
data request leads to denial of service
- Resolves: #1744325 - CVE-2019-9513 nginx:1.14/nginx: HTTP/2: flood using
PRIORITY frames resulting in excessive resource consumption
- Resolves: #1745094 - CVE-2019-9516 nginx:1.14/nginx: HTTP/2: 0-length
headers leads to denial of service