SUSE-SU-2022:4266-1

Details

This update for nginx fixes the following issues:

CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685).

Affected Packages

nginx

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise Server 15 SP1-BCLSUSE Linux Enterprise Server 15 SP1-LTSS

Fixed in:

1.16.1-150100.6.16.1

nginx-source

SUSE Enterprise Storage 6SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise Server 15 SP1-BCLSUSE Linux Enterprise Server 15 SP1-LTSS

Fixed in:

1.16.1-150100.6.16.1

References

REPORT

https://bugzilla.suse.com/1187685

WEB

https://www.suse.com/security/cve/CVE-2021-3618

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20224266-1/