New versions of the nginx web server have been released on November 6 to patch multiple security issues affecting versions before 1.15.6, 1.14.1 and allowing potential attackers to trigger a denial-of-service (DoS) state and to access to potentially sensitive info.
According to its project website, nginx is an open source “HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server” released under the 2-clause BSD-like license.
Furthermore, “According to Netcraft, nginx served or proxied 25.28% busiest sites in October 2018. Here are some of the success stories: Dropbox, Netflix, WordPress.com, FastMail.FM” (emphasis ours.)
“Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844),” as detailed in <a href="http://mailman.nginx.org/pipermail/nginx-announce/2018/000220… (read more)
Source: Latest News