[FEDORA-2024-2e4858330c] Fedora 39: nginx
Severity
Medium
Affected Packages
1
CVEs
4
*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
Thanks to Edgar Bonet.
*) Bugfix: in HTTP/3.
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/nginx?distro=fedora-39
|
< 1.26.1.1.fc39 |
- ID
- FEDORA-2024-2e4858330c
- Severity
- medium
- Severity from
- CVE-2024-32760
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-2e4858330c
- Published
-
2024-06-08T19:35:25
(3 months ago) - Modified
-
2024-06-08T19:35:25
(3 months ago) - Rights
- Copyright 2024 Red Hat, Inc.
- Other Advisories
FREEBSD:320A19F7-1DDD-11EF-A2AE-8C164567CA3C
NGINX:CVE-2024-31079| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 2283925 | Bug #2283925 - CVE-2024-35200 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all] |
|
| Bugzilla | 2283946 | Bug #2283946 - CVE-2024-31079 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all] |
|
| Bugzilla | 2283939 | Bug #2283939 - CVE-2024-32760 nginx: undisclosed HTTP/3 encoder instructions terminate or cause or other potential impact [fedora-all] |
|
| Bugzilla | 2283932 | Bug #2283932 - CVE-2024-34161 nginx: undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory [fedora-all] |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/nginx?distro=fedora-39 | fedora |
nginx
|
< 1.26.1.1.fc39 | fedora-39 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |