diff --git a/SOURCES/nginx-1.16.0-CVE-2019-20372.patch b/SOURCES/nginx-1.16.0-CVE-2019-20372.patch
new file mode 100644
index 0000000..782e038
--- /dev/null
+++ b/SOURCES/nginx-1.16.0-CVE-2019-20372.patch
@@ -0,0 +1,17 @@
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
+index 4ffb2cc8ad..76e6705889 100644
+--- a/src/http/ngx_http_special_response.c
++++ b/src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+ return ngx_http_named_location(r, &uri);
+ }
+
++ r->expect_tested = 1;
++
+ if (ngx_http_discard_request_body(r) != NGX_OK) {
++ r->keepalive = 0;
++ }
++
+ location = ngx_list_push(&r->headers_out.headers);
+
+ if (location == NULL) {
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
index 3ff6639..e60c7a5 100644
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@@ -41,7 +41,7 @@
 Name: %{?scl:%scl_prefix}nginx
 Epoch: 1
 Version: 1.16.1
-Release: 4%{?dist}
+Release: 4%{?dist}.1
 Summary: A high performance web server and reverse proxy server
 Group: System Environment/Daemons
 # BSD License (two clause)
@@ -78,6 +78,9 @@ Patch2: nginx-1.16.0-pkcs11.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1655530
 Patch3: nginx-1.14.1-perl-module-hardening.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1848449
+Patch4: nginx-1.16.0-CVE-2019-20372.patch
+
 BuildRequires: gd-devel
 %if 0%{?with_gperftools}
@@ -183,6 +186,7 @@ Requires: %{?scl:%scl_prefix}nginx
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 cp %{SOURCE200} .
 %build
@@ -622,6 +626,10 @@ fi
 %{_libdir}/nginx/modules/ngx_stream_module.so
 %changelog
+* Tue Jun 23 2020 Lubos Uhliarik - 1:1.16.1-4.1
+- Resolves: #1848449 - CVE-2019-20372 rh-nginx116-nginx: nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c
+
 * Mon Oct 07 2019 Lubos Uhliarik - 1:1.16.1-4
 - Resolves: #1758809 - Nginx service does not start (wrong version used in the systemd unit file)
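Review bot: The two statements added at the top of the inner hunk carry no comment, so nothing in the patch says why `r->expect_tested = 1` has to precede the discard, which matters for anyone rebasing this backport onto another 1.16.x tree. I would put `/* CVE-2019-20372: discard any unread request body before answering with a redirect, otherwise the leftover bytes are parsed as the next request on a keepalive connection */` above the block and `/* do not send 100 Continue for a body we are about to throw away */` on the `expect_tested` line — the latter presumes that is the flag's effect in ngx_http_test_expect(), so confirm it against the 1.16.1 source. The discard sits after the `return ngx_http_named_location(r, &uri);` branch visible above it, so that path keeps the body; that looks intentional, since a named location re-runs the request in-process, but a one-line comment saying so would stop someone from "fixing" it later. As transcribed here the `if (ngx_http_discard_request_body(r) != NGX_OK) {` line carries a single `+` even though the inner hunk header counts six added lines, so check that the patch file in SOURCES is byte-identical to the upstream commit before building. ngx_http_send_error_page starts and ends outside the hunk.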