[FEDORA-2024-2e4858330c] Fedora 39: nginx
Severity: Medium
Affected Packages: 1
CVEs: 4
*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
Thanks to Edgar Bonet.
*) Bugfix: in HTTP/3.
Package | Affected Version |
---|---|
pkg:rpm/fedora/nginx?distro=fedora-39 | < 1.26.1.1.fc39 |
- ID: FEDORA-2024-2e4858330c
- Severity: medium
- Severity from: CVE-2024-32760
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2024-2e4858330c
- Published: 2024-06-08T19:35:25 (3 months ago)
- Modified: 2024-06-08T19:35:25 (3 months ago)
- Rights: Copyright 2024 Red Hat, Inc.

Other Advisories
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 2283925 | Bug #2283925 - CVE-2024-35200 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2283925 |
Bugzilla | 2283946 | Bug #2283946 - CVE-2024-31079 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2283946 |
Bugzilla | 2283939 | Bug #2283939 - CVE-2024-32760 nginx: undisclosed HTTP/3 encoder instructions terminate or cause or other potential impact [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2283939 |
Bugzilla | 2283932 | Bug #2283932 - CVE-2024-34161 nginx: undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2283932 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/nginx?distro=fedora-39 | fedora | nginx | < 1.26.1.1.fc39 | fedora-39 | | |