Snippets Groups Projects

Update nginx to address DoS CVEs

The current embedded version of nginx is vulnerable to multiple new DoS attacks. A new version has been released to address these specific CVEs. nginx was updated on 2019-08-13 to the stable release of 1.16.1 and mainline release of 1.17.3 with fixes for vulnerabilities in HTTP/2 (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).

nginx rates these CVEs as medium and low severity, but Tenable Security Center rates the findings as a high.

https://nginx.org/en/security_advisories.html

https://www.tenable.com/plugins/nessus/127907

As a user of gitlab within a hardened and scanned environment, I would like to remediate this vulnerability on our gitlab installation.

Edited 5 years ago by Mike Loseke

Version 2 (latest) James Heimbuck 5 years ago
Version 1 James Heimbuck 5 years ago

...

Child items ...

Activity

Mike Loseke changed the description 5 years ago

changed the description
🤖 GitLab Bot 🤖 @gitlab-bot · 5 years ago

Maintainer

Thanks for submitting this issue. Since GitLab's development now happens in a single codebase, the canonical GitLab issue tracker is now at https://gitlab.com/gitlab-org/gitlab/issues.

This issue will automatically be moved there.
🤖 GitLab Bot 🤖 added automation:to-be-locked in GitLab FOSS label 5 years ago

added automation:to-be-locked in GitLab FOSS label
🤖 GitLab Bot 🤖 moved from gitlab-foss#67355 (moved) 5 years ago

moved from gitlab-foss#67355 (moved)
🤖 GitLab Bot 🤖 mentioned in issue #32197 (closed) 5 years ago

mentioned in issue #32197 (closed)
Stan Hu @stanhu · 5 years ago

Owner

I believe NGINX 1.16.1 was already shipped in GitLab 12.2: omnibus-gitlab!3525 (merged)
Stan Hu closed 5 years ago

closed

Please register or sign in to reply

Due date

None

Health status

None

Confidentiality

Confidentiality controls have moved to the issue actions menu () at the top of the page.

0 Participants