Описание
ELSA-2025-3262: nginx:1.24 security update (MODERATE)
[1.24.0-4.0.1.1]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
[1:1.24.0-4.1]
- Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)
[1:1.24.0-4]
- Resolves: RHEL-49350 - nginx worker processes memory leak
[1:1.24.0-3]
- Resolves: RHEL-40622 - openssl 3.2 ENGINE regression in nginx
[1:1.24.0-2]
- Resolves: RHEL-38498 - Nginx seg faults when proxy_ssl_certificate is set
[1:1.24.0-1]
- new version 1.24.0
[1:1.22.1-5]
- Resolves: RHEL-12737 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
[1:1.22.1-4]
- Resolves: #2170808 - Running nginx with systemctl and entering ssl private key's pass phrase
- added new ssl_pass_phrase_dialog directive which enables setting external program for entering password for encrypted private key
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
Module nginx:1.24 is enabled
nginx
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-all-modules
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-core
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-filesystem
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-devel
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-http-image-filter
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-http-perl
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-http-xslt-filter
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-mail
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-stream
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
Oracle Linux x86_64
Module nginx:1.24 is enabled
nginx
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-all-modules
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-core
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-filesystem
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-devel
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-http-image-filter
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-http-perl
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-http-xslt-filter
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-mail
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
nginx-mod-stream
1.24.0-4.0.1.module+el9.5.0+90543+4953bb61.1
Связанные CVE
Связанные уязвимости
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...