SUSE-SU-2022:4192-1

Details

Description of the patch:

This update for nginx fixes the following issues:

CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685).

Affected Packages

nginx

SUSE Linux Enterprise High Performance Computing 15SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Server 15SUSE Linux Enterprise Server 15-LTSS

Fixed in:

1.16.1-150000.3.18.1

References

ADVISORY

https://bugzilla.suse.com/1187685

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2022-November/013089.html

ADVISORY

https://www.suse.com/security/cve/CVE-2021-3618/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20224192-1/