Security fix for CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 + nginx rebase to 1.14.1.
Logout Required
After installing this update it is required that you log out of
your current user session and log back in to ensure the changes
supplied by this update are applied properly.
This update has been submitted for testing by luhliarik.
Newer upstream nginx 1.14.2 was released with a Fedora-specific fix. Changes include:
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: in handling of client addresses when using unix domain listen
   sockets to work with datagrams on Linux.
*) Change: the logging level of the "http request", "https proxy
   request", "unsupported protocol", "version too low", "no suitable key
   share", and "no suitable signature algorithm" SSL errors has been
   lowered from "crit" to "info".
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
   switch off "ssl_prefer_server_ciphers" in a virtual server if it was
   switched on in the default server.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
   1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
   fail.
*) Bugfix: connections with some gRPC backends might not be cached when
   using the "keepalive" directive.
*) Bugfix: a segmentation fault might occur in a worker process if the
   ngx_http_mp4_module was used on 32-bit platforms.
This update has been submitted for testing by luhliarik.
This update has been pushed to testing.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.
Looks ok.