Updating NGINX for a DNS Resolver Vulnerability (CVE-2021-23017)

Updating NGINX for a DNS Resolver Vulnerability (CVE-2021-23017)

Today we are releasing updates to NGINX Open Source, NGINX Plus, and NGINX Ingress Controller in response to a recently discovered low‑severity vulnerability in the NGINX implementation of DNS resolution. For full details and mitigation instructions, see the F5 Security Advisory about CVE-2021-23017.<!– is documented in CVE-2021-23017 –>

The patch for this vulnerability is included in the following NGINX versions:

• NGINX Open Source 1.20.1 (stable)
• NGINX Open Source 1.21.0 (mainline)
• NGINX Plus R23 P1
• NGINX Plus R24 P1
• NGINX Ingress Controller 1.11.2
• NGINX Ingress Controller 1.11.3

We recommend that you upgrade NGINX Open Source, NGINX Plus, and NGINX Ingress Controller to the latest versions.

For NGINX Plus upgrade instructions, see Upgrading NGINX Plus in the NGINX Plus Admin Guide.

NGINX Plus customers can contact our support team for assistance at https://my.f5.com/.

This vulnerability was discovered and responsibly disclosed to us by Luis Merino, Eric Sesterhenn, and Markus Vervier of X41 D‑Sec GmbH.

The post Updating NGINX for a DNS Resolver Vulnerability (CVE-2021-23017) appeared first on NGINX.

Source: Updating NGINX for a DNS Resolver Vulnerability (CVE-2021-23017)