exploitDog

ELSA-2025-3261

Published: 27 Mar 2025
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2025-3261: nginx:1.22 security update (MODERATE)

[1.22.1-8.0.1.1]

  • Reference oracle-indexhtml within Requires [Orabug: 33802044]
  • Remove Red Hat references [Orabug: 29498217]

[1:1.22.1-8.1]

  • Resolves: RHEL-84486 - nginx:1.22/nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)

[1:1.22.1-8]

  • Resolves: RHEL-49349 - nginx worker processes memory leak

[1:1.22.1-7]

  • Resolves: RHEL-40621 - openssl 3.2 ENGINE regression in nginx

[1:1.22.1-6]

  • Resolves: RHEL-32650 - Nginx seg faults when proxy_ssl_certificate is set

[1:1.22.1-5]

  • Resolves: RHEL-12737 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

[1:1.22.1-4]

  • Resolves: #2170808 - Running nginx with systemctl and entering ssl private key's pass phrase
  • added new ssl_pass_phrase_dialog directive which enables setting external program for entering password for encrypted private key

Updated packages

Oracle Linux 9

Oracle Linux aarch64

Module nginx:1.22 is enabled

nginx

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-all-modules

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-core

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-filesystem

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-devel

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-http-image-filter

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-http-perl

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-http-xslt-filter

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-mail

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-stream

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

Oracle Linux x86_64

Module nginx:1.22 is enabled

nginx

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-all-modules

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-core

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-filesystem

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-devel

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-http-image-filter

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-http-perl

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-http-xslt-filter

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-mail

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

nginx-mod-stream

1.22.1-8.0.1.module+el9.5.0+90542+e87a1bbf.1

Related CVEs

Related vulnerabilities

CVSS3: 4.7
ubuntu
10 months ago

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS3: 4.7
redhat
10 months ago

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS3: 4.7
nvd
10 months ago

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS3: 4.7
msrc
8 months ago

No description available

CVSS3: 4.7
debian
10 months ago

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...