Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Ubuntu: 5722-1 Moderate: Nginx Memory Issues Affecting Multiple Releases

ubuntu
Calendar Grey November 15, 2022
Dist Ubuntu Esm H88
Multiple vulnerabilities in nginx addressed across various Ubuntu releases; upgrade now to ensure system stability and efficiency.
Several security issues were fixed in nginx.

Summary

Several security issues were fixed in nginx.

Software Description:

- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx incorrectly handled certain memory operations in

the ngx_http_mp4_module module. A local attacker could possibly use this issue

with a specially crafted mp4 file to cause nginx to crash, stop responding, or

access arbitrary memory. (CVE-2022-41741, CVE-2022-41742)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  nginx                           1.22.0-1ubuntu1.1
  nginx-common                    1.22.0-1ubuntu1.1
  nginx-core                      1.22.0-1ubuntu1.1
  nginx-extras                    1.22.0-1ubuntu1.1
  nginx-full                      1.22.0-1ubuntu1.1
  nginx-light                     1.22.0-1ubuntu1.1

Ubuntu 22.04 LTS:
  nginx                           1.18.0-6ubuntu14.3
  nginx-common                    1.18.0-6ubuntu14.3
  nginx-core                      1.18.0-6ubuntu14.3
  nginx-extras                    1.18.0-6ubuntu14.3
  nginx-full                      1.18.0-6ubuntu14.3
  nginx-light                     1.18.0-6ubuntu14.3

Ubuntu 20.04 LTS:
  nginx                           1.18.0-0ubuntu1.4
  nginx-common                    1.18.0-0ubuntu1.4
  nginx-core                      1.18.0-0ubuntu1.4
  nginx-extras                    1.18.0-0ubuntu1.4
  nginx-full                      1.18.0-0ubuntu1.4
  nginx-light                     1.18.0-0ubuntu1.4

Ubuntu 18.04 LTS:
  nginx                           1.14.0-0ubuntu1.11
  nginx-common                    1.14.0-0ubuntu1.11
  nginx-core                      1.14.0-0ubuntu1.11
  nginx-extras                    1.14.0-0ubuntu1.11
  nginx-full                      1.14.0-0ubuntu1.11
  nginx-light                     1.14.0-0ubuntu1.11

Ubuntu 16.04 ESM:
  nginx                           1.10.3-0ubuntu0.16.04.5+esm5
  nginx-common                    1.10.3-0ubuntu0.16.04.5+esm5
  nginx-core                      1.10.3-0ubuntu0.16.04.5+esm5
  nginx-extras                    1.10.3-0ubuntu0.16.04.5+esm5
  nginx-full                      1.10.3-0ubuntu0.16.04.5+esm5
  nginx-light                     1.10.3-0ubuntu0.16.04.5+esm5

Ubuntu 14.04 ESM:
  nginx                           1.4.6-1ubuntu3.9+esm4
  nginx-common                    1.4.6-1ubuntu3.9+esm4
  nginx-core                      1.4.6-1ubuntu3.9+esm4
  nginx-extras                    1.4.6-1ubuntu3.9+esm4
  nginx-full                      1.4.6-1ubuntu3.9+esm4
  nginx-light                     1.4.6-1ubuntu3.9+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5722-1

CVE-2022-41741, CVE-2022-41742

Severity
important
Lowest
Low
Medium
High
Critical

November 15, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.