USN-4099-1: nginx vulnerabilities
Severity
Medium
Vendor
Canonical Ubuntu
Description
Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service.
CVEs contained in this USN include: CVE-2019-9513, CVE-2019-9511, CVE-2019-9516
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Operations Manager is vulnerable in the following releases:
- 2.6.x versions prior to 2.6.8
- 2.5.x versions prior to 2.5.15
- 2.4.x versions prior to 2.4.18
- 2.3.x versions prior to 2.3.25
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Pivotal Operations Manager: 2.6.8, 2.5.15, 2.4.18, 2.3.25