HomeFreeBSD

www/nginx-devel: security update from 1.20.0 to 1.21.0.

Description

www/nginx-devel: security update from 1.20.0 to 1.21.0.

Security: 0882f019-bd60-11eb-9bdd-8c164567ca3c
Security: CVE-2021-23017

<Changelog>

*) Security: 1-byte memory overwrite might occur during DNS server

response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).

*) Feature: variables support in the "proxy_ssl_certificate",

"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.

*) Feature: the "max_errors" directive in the mail proxy module.

*) Feature: the mail proxy module supports POP3 and IMAP pipelining.

*) Feature: the "fastopen" parameter of the "listen" directive in the

stream module.
Thanks to Anbang Wen.

*) Bugfix: special characters were not escaped during automatic redirect

with appended trailing slash.

*) Bugfix: connections with clients in the mail proxy module might be

closed unexpectedly when using SMTP pipelining.

</Changelog>

Details

Provenance
osaAuthored on May 25 2021, 3:49 PM
Parents
R11:1109a4b0c628: security/vuxml: document vulnerability in www/nginx and www/nginx-devel
Branches
Unknown
Tags
Unknown