SUSE-SU-2022:4265-1

Details

This update for nginx fixes the following issues:

CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685).

Affected Packages

nginx

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Server 15 SP2-BCLSUSE Linux Enterprise Server 15 SP2-LTSS

Fixed in:

1.16.1-150200.3.9.1

nginx-source

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Server 15 SP2-BCLSUSE Linux Enterprise Server 15 SP2-LTSS

Fixed in:

1.16.1-150200.3.9.1

References

REPORT

https://bugzilla.suse.com/1187685

WEB

https://www.suse.com/security/cve/CVE-2021-3618

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20224265-1/