Debian alert DSA-5281-1 (nginx) [LWN.net]


From:   Moritz Muehlenhoff <jmm@debian.org>
To:   debian-security-announce@lists.debian.org
Subject:   [SECURITY] [DSA 5281-1] nginx security update
Date:   Tue, 15 Nov 2022 20:26:03 +0000
Message-ID:   <Y3P121EUTLIN0JCE@seger.debian.org>

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-5281-1 security@debian.org
www.debian.org/security/ Moritz Muehlenhoff
November 15, 2022 www.debian.org/security/faq
– ————————————————————————-

Package : nginx
CVE ID : CVE-2022-41741 CVE-2022-41742

It was discovered that parsing errors in the mp4 module of Nginx, a
high-performance web and reverse proxy server, could result in denial
of service, memory disclosure or potentially the execution of arbitrary
code when processing a malformed mp4 file.

This module is only enabled in the nginx-extras binary package.

For the stable distribution (bullseye), these problems have been fixed in
version 1.18.0-6.1+deb11u3.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to
its security tracker page at:
security-tracker.debian.org/tracker/nginx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8
Tjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqc
i3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60y
RP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3
th0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWa
PUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVE
FrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQ
suepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45k
VBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4B
kAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMl
GTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1
/R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=
=3mDY
—–END PGP SIGNATURE—–


(Log in to post comments)

Read more here: Source link