CVE-2021-23017 | Ubuntu
Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
That’s the essence of the CVE-2021-23017 that was published on May 25. I patched NGINX Extended few days later for bionic, focal and groovyUbuntu releases. hirsute will join the builds eventually.
Additionally there was a minor bugfix release for ModSecurity, v1.0.2. It’s now also available in the PPA.