Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Fedora 40: 2024-7da67gh2b4 Moderate Nginx FancyIndex DoS Vulnerability

fedora
Calendar Grey August 26, 2024
Dist Fedora Esm H88
The latest Fedora 40 update resolves a worker crash linked to an mp4 file handling problem within the nginx-mod-fancyindex module.
Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347)

Summary

The Fancy Index module makes possible the generation of file listings,

like the built-in autoindex module does, but adding a touch of style.

This is possible because the module allows a certain degree of

customization of the generated content:

* Custom headers. Either local or stored remotely.

* Custom footers. Either local or stored remotely.

* Add you own CSS style rules.

* Allow choosing to sort elements by name (default),

modification time, or size; both ascending (default),

or descending.

Update Information:

Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars.

Change Log

* Fri Aug 16 2024 Felix Kaechele - 0.5.2-7 - Rebuild for nginx 1.26.2

References


[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305156

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nginx-mod-fancyindex
Product: Fedora 40
Version: 0.5.2
Release: 7.fc40
Summary: Nginx FancyIndex module

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here