NGINX Extended Security Update (3) →

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

That’s the essence of the CVE-2021-23017 that was published on May 25. I patched NGINX Extended few days later for bionic, focal and groovy Ubuntu releases. hirsute will join the builds eventually.

Additionally there was a minor bugfix release for ModSecurity, v1.0.2. It’s now also available in the PPA.