Ubuntu alert USN-7014-2 (nginx)
| From: | Ian Constantin <ian.constantin@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7014-2] nginx vulnerability | |
| Date: | Tue, 08 Oct 2024 19:18:29 +0300 | |
| Message-ID: | <85351330-04e6-47b6-8089-08af338a223f@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7014-2 October 08, 2024 nginx vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: nginx could be made to crash if it received specially crafted network traffic. Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS nginx 1.14.0-0ubuntu1.11+esm1 Available with Ubuntu Pro nginx-common 1.14.0-0ubuntu1.11+esm1 Available with Ubuntu Pro nginx-core 1.14.0-0ubuntu1.11+esm1 Available with Ubuntu Pro nginx-extras 1.14.0-0ubuntu1.11+esm1 Available with Ubuntu Pro nginx-full 1.14.0-0ubuntu1.11+esm1 Available with Ubuntu Pro nginx-light 1.14.0-0ubuntu1.11+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS nginx 1.10.3-0ubuntu0.16.04.5+esm6 Available with Ubuntu Pro nginx-common 1.10.3-0ubuntu0.16.04.5+esm6 Available with Ubuntu Pro nginx-core 1.10.3-0ubuntu0.16.04.5+esm6 Available with Ubuntu Pro nginx-extras 1.10.3-0ubuntu0.16.04.5+esm6 Available with Ubuntu Pro nginx-full 1.10.3-0ubuntu0.16.04.5+esm6 Available with Ubuntu Pro nginx-light 1.10.3-0ubuntu0.16.04.5+esm6 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7014-2 https://ubuntu.com/security/notices/USN-7014-1 CVE-2024-7347
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmcFW1UFAwAAAAAACgkQa1+PL+d1/EjQ kAv+I0P4isxav6wSw3ie+Fi43I/VWh5chg/UNoMPP7QzzB6ZCEgWKsOyAX+WoZhKYbfZN4bzef7j aHF7w+DorA7POvYhWnwJcAcugQz/FD1BQ3q/sK+uDMlVGHpYuBprpAjIUd3IHkGTcQaIB0BYElwG TyUtpCxyXwbI647nthnWHOyTdyGhIdEudH0CDGrJEHmu5jymbgqsepWrAa+HqP0exvtvb8eagWyi ZENN/N1anEfLdn8aWlLb2bJjCSxBBmj59QDlqYy6wWRJEyvQX2N4ciwGINBkwqBHLoQU7qNnUGkA KEg7mCWwTMn1nqMntdntpyBJCvmHKzIwfeGWbR2e0RfIXqx4xlxTLSty9AmfsrzGmBTLfe3MI+KC XZnVb2IgS3BLAE7z+mEEE58BWMJGc+p2cJ0uRLfJ6aNSHBtRF7xP39QEnRmnRNH7MiQ1SirCWhGJ JbKeUSG4ep6XoXd/bLcgAzpvA3+Q0hawE2HvH5zzjkTEiv+BUPnA0cn7KmgX =0QAc -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)