CVE-2024-7347 was announced here: https://openwall.com/lists/oss-security/2024/08/14/4
The fix is: https://nginx.org/download/patch.2024.mp4.txt
Source RPM: (none) => nginx-1.24.0-2.mga9.src.rpm
CVE: (none) => CVE-2024-7347
No registered maintainer, so assigning to all. CC'ing kekepower, who touched this package most often in recent years.
CC: (none) => marja11, smelror
Assignee: bugsquad => pkg-bugs
Advisory
========

Nginx has been updated to the latest stable release to fix CVE.

References
==========
https://openwall.com/lists/oss-security/2024/08/14/4

Files
=====
Uploaded to core/updates_testing
nginx-1.26.2-1.mga9

from nginx-1.26.2-1.mga9.src.rpm
Assignee: pkg-bugs => bugsquad
Assignee: bugsquad => qa-bugs
Keywords: (none) => advisory
CC: (none) => tarazed25
Advisory
========

Nginx has been updated to the latest stable release to fix CVE-2024-7347.

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References
==========
https://openwall.com/lists/oss-security/2024/08/14/4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347

Files
=====
Uploaded to core/updates_testing
nginx-1.26.2-1.mga9

from nginx-1.26.2-1.mga9.src.rpm
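The advisory above names two configuration preconditions: a build that includes ngx_http_mp4_module, and use of the mp4 directive. The following is an added example, not part of the bug report or of nginx, that checks both against the text of `nginx -V 2>&1` and `nginx -T`. The sample inputs and the function names are constructed for illustration, and the check does not determine whether the installed build is already patched.

```python
import re

# Constructed sample of `nginx -V 2>&1` output (nginx -V writes to stderr).
SAMPLE_NGINX_V = (
    "nginx version: nginx/1.24.0\n"
    "configure arguments: --prefix=/usr --with-http_ssl_module "
    "--with-http_mp4_module --with-http_flv_module\n"
)

# Constructed sample of an `nginx -T` configuration dump.
SAMPLE_CONFIG = """
http {
    server {
        listen 80;
        location /video/ {
            mp4;                  # enables ngx_http_mp4_module for this location
            mp4_buffer_size 1m;   # related directive, does not enable the module
        }
        location /static/ {
            # mp4;   commented out, must not count
            root /srv/www;
        }
    }
}
"""

def built_with_mp4(nginx_v_output):
    """True if the configure arguments include the mp4 module."""
    return "--with-http_mp4_module" in nginx_v_output.split()

def mp4_locations(config_text):
    """Return the location paths whose block contains a bare `mp4;` directive."""
    # Simplification: a '#' inside a quoted string is treated as a comment start.
    text = re.sub(r"#[^\n]*", "", config_text)
    stack, found = [], []
    for stmt, delim in re.findall(r"([^{};]*)([{};])", text):
        words = stmt.split()
        if delim == "{":
            stack.append(words)            # entering a block such as `location /video/`
        elif delim == "}":
            if stack:
                stack.pop()
        elif words == ["mp4"]:             # exact match, so mp4_buffer_size is ignored
            found.append(next((" ".join(b[1:]) for b in reversed(stack)
                               if b and b[0] == "location"), "<no location>"))
    return found

def preconditions(nginx_v_output, config_text):
    """Report the two configuration preconditions named in the advisory."""
    built = built_with_mp4(nginx_v_output)
    locs = mp4_locations(config_text)
    return {"module_built": built, "mp4_locations": locs, "met": built and bool(locs)}
```

A result with "met" set to True only says the configuration matches the advisory's conditions; the installed package version still has to be compared against the fixed update.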
Thanks Stig for the updated advisory.
MGA9-64 server Plasma Wayland on HP-Pavilion
No installation issues.
Ref bug 30993 for testing.
# nginx
Then point firefox to http://localhost/ and get page as answer with in the heading:
"Welcome to nginx 1.26.2 on Mageia!"
Good enough for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0286.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED