1. 修复的CVE信息
CVE-2021-23017
F5 NGINX Controller是美国F5公司的一款用于NGINX的集中式监视和管理平台。该平台支持使用可视化界面管理多个NGINX实例。F5 NGINX Controller存在安全漏洞,该漏洞允许攻击者从DNS服务器伪造UDP数据包造成1-byte的内存覆盖,导致工作进程崩溃或潜在的其他影响。
2. 受影响的软件包
银河麒麟桌面操作系统V10 SP1
libnginx-mod-http-auth-pam
libnginx-mod-http-cache-purge
libnginx-mod-http-dav-ext
libnginx-mod-http-echo
libnginx-mod-http-fancyindex
libnginx-mod-http-geoip
libnginx-mod-http-geoip2
libnginx-mod-http-headers-more-filter
libnginx-mod-http-image-filter
libnginx-mod-http-lua
libnginx-mod-http-ndk
libnginx-mod-http-perl
libnginx-mod-http-subs-filter
libnginx-mod-http-uploadprogress
libnginx-mod-http-upstream-fair
libnginx-mod-http-xslt-filter
libnginx-mod-mail
libnginx-mod-nchan
libnginx-mod-rtmp
libnginx-mod-stream
nginx
nginx-common
nginx-core
nginx-doc
nginx-extras
nginx-full
nginx-light
3. 影响的操作系统
银河麒麟桌面操作系统V10 SP1
4. 修复版本
软件包:nginx
1.18.0-0kylin1.2(V10 SP1)
5. 修复方法
4.0.2桌面版本:http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2-desktop main restricted universe multiverse
6. 软件包下载地址
银河麒麟桌面操作系统V10 SP1
X86下载地址
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nginx/nginx-extras_1.18.0-0kylin1.2_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nginx/nginx-core_1.18.0-0kylin1.2_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nginx/nginx-common_1.18.0-0kylin1.2_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nginx/nginx-full_1.18.0-0kylin1.2_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nginx/nginx_1.18.0-0kylin1.2_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nginx/nginx-doc_1.18.0-0kylin1.2_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/n/nginx/nginx-light_1.18.0-0kylin1.2_amd64.deb