Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: FEDORA-2024-6ba57fd2a3 Moderate: nginx Worker Crash due to mp4

fedora
Calendar Grey August 26, 2024
Dist Fedora Esm H88
The Fedora 40 patch resolves an issue that caused a worker process failure when handling mp4 files in the nginx-mod-vts module.
Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347)

Summary

Nginx virtual host traffic status module.

Update Information:

Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars.

Topics%20covered

Topics Covered

security advisory Fedora Denial of Service nginx module worker crash mp4 processing

Change Log

* Sat Aug 17 2024 Felix Kaechele - 0.2.2-9 - Rebuild for nginx 1.26.2 * Thu Jul 18 2024 Fedora Release Engineering - 0.2.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

References


[ 1 ] Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305156

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6ba57fd2a3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: nginx-mod-vts
Product: Fedora 40
Version: 0.2.2
Release: 9.fc40
URL: https://github.com/vozlt/nginx-module-vts
Summary: Nginx virtual host traffic status module

Topics%20covered

Topics Covered

security advisory Fedora Denial of Service nginx module worker crash mp4 processing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here