Nginx [nginx-announce] unit-1.7.1

eva2000 · 2019-02-08

Hi, This is a bugfix release of NGINX Unit that eliminates a security flaw. All versions of Unit from 0.3 to 1.7 are affected. Everybody is strongly advised to update to a new version. Changes with Unit 1.7.1 07 Feb 2019 *) Security: a heap memory...

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Feb 8, 2019.

Previous Thread Next Thread

Feb 8, 2019 #1

eva2000 Administrator Staff Member

58,893

12,490

113

May 24, 2014

Brisbane, Australia

Ratings:

+19,122

Local Time:

2:22 PM

Nginx 1.31.x

MariaDB 10.x/11.4+/12.3+

Hi,

This is a bugfix release of NGINX Unit that eliminates a security flaw.
All versions of Unit from 0.3 to 1.7 are affected.

Everybody is strongly advised to update to a new version.

Changes with Unit 1.7.1 07 Feb 2019

*) Security: a heap memory buffer overflow might have been caused in the
router process by a specially crafted request, potentially resulting
in a segmentation fault or other unspecified behavior
(CVE-2019-7401).

*) Bugfix: install of Go module failed without prior building of Unit
daemon; the bug had appeared in 1.7.

Release of Unit 1.8 with support for internal request routing and an
experimental Java module is planned for end of February.

wbr, Valentin V. Bartenev

_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce

Continue reading...

Previous Thread Next Thread

(You must log in or sign up to reply here.)

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Nginx [nginx-announce] unit-1.7.1

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Nginx [nginx-announce] unit-1.7.1

eva2000 Administrator Staff Member

.