Tuesday, October 8, 2024

[USN-7014-2] nginx vulnerability

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmcFW1UFAwAAAAAACgkQa1+PL+d1/EjQ
kAv+I0P4isxav6wSw3ie+Fi43I/VWh5chg/UNoMPP7QzzB6ZCEgWKsOyAX+WoZhKYbfZN4bzef7j
aHF7w+DorA7POvYhWnwJcAcugQz/FD1BQ3q/sK+uDMlVGHpYuBprpAjIUd3IHkGTcQaIB0BYElwG
TyUtpCxyXwbI647nthnWHOyTdyGhIdEudH0CDGrJEHmu5jymbgqsepWrAa+HqP0exvtvb8eagWyi
ZENN/N1anEfLdn8aWlLb2bJjCSxBBmj59QDlqYy6wWRJEyvQX2N4ciwGINBkwqBHLoQU7qNnUGkA
KEg7mCWwTMn1nqMntdntpyBJCvmHKzIwfeGWbR2e0RfIXqx4xlxTLSty9AmfsrzGmBTLfe3MI+KC
XZnVb2IgS3BLAE7z+mEEE58BWMJGc+p2cJ0uRLfJ6aNSHBtRF7xP39QEnRmnRNH7MiQ1SirCWhGJ
JbKeUSG4ep6XoXd/bLcgAzpvA3+Q0hawE2HvH5zzjkTEiv+BUPnA0cn7KmgX
=0QAc
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7014-2
October 08, 2024

nginx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

nginx could be made to crash if it received specially crafted network
traffic.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

USN-7014-1 fixed a vulnerability in nginx. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that the nginx ngx_http_mp4 module incorrectly handled
 certain malformed mp4 files. In environments where the mp4 directive is in
 use, a remote attacker could possibly use this issue to cause nginx to
 crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  nginx                           1.14.0-0ubuntu1.11+esm1
                                  Available with Ubuntu Pro
  nginx-common                    1.14.0-0ubuntu1.11+esm1
                                  Available with Ubuntu Pro
  nginx-core                      1.14.0-0ubuntu1.11+esm1
                                  Available with Ubuntu Pro
  nginx-extras                    1.14.0-0ubuntu1.11+esm1
                                  Available with Ubuntu Pro
  nginx-full                      1.14.0-0ubuntu1.11+esm1
                                  Available with Ubuntu Pro
  nginx-light                     1.14.0-0ubuntu1.11+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  nginx                           1.10.3-0ubuntu0.16.04.5+esm6
                                  Available with Ubuntu Pro
  nginx-common                    1.10.3-0ubuntu0.16.04.5+esm6
                                  Available with Ubuntu Pro
  nginx-core                      1.10.3-0ubuntu0.16.04.5+esm6
                                  Available with Ubuntu Pro
  nginx-extras                    1.10.3-0ubuntu0.16.04.5+esm6
                                  Available with Ubuntu Pro
  nginx-full                      1.10.3-0ubuntu0.16.04.5+esm6
                                  Available with Ubuntu Pro
  nginx-light                     1.10.3-0ubuntu0.16.04.5+esm6
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7014-2
  https://ubuntu.com/security/notices/USN-7014-1
  CVE-2024-7347

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)