[FEDORA-2024-8ba5080dfa] Fedora 39: nginx, nginx-mod-naxsi, nginx-mod-vts, nginx-mod-fancyindex, nginx-mod-modsecurity

Severity Medium

Affected Packages 5

CVEs 1

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.

Package	Affected Version
pkg:rpm/fedora/nginx?distro=fedora-39	< 1.26.2.1.fc39
pkg:rpm/fedora/nginx-mod-vts?distro=fedora-39	< 0.2.2.9.fc39
pkg:rpm/fedora/nginx-mod-naxsi?distro=fedora-39	< 1.6.6.fc39
pkg:rpm/fedora/nginx-mod-modsecurity?distro=fedora-39	< 1.0.3.13.fc39
pkg:rpm/fedora/nginx-mod-fancyindex?distro=fedora-39	< 0.5.2.5.fc39

ID

FEDORA-2024-8ba5080dfa

Severity

medium

Severity from

CVE-2024-7347

URL

https://bodhi.fedoraproject.org/updates/FEDORA-2024-8ba5080dfa

Published

2024-08-26T01:31:55
(3 weeks ago)

Modified

2024-08-26T01:31:55
(3 weeks ago)

Rights

Other Advisories

Source	# ID	Name	URL
Bugzilla	2305156	Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all]	https://bugzilla.redhat.com/show_bug.cgi?id=2305156

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/fedora/nginx?distro=fedora-39	fedora	nginx	< 1.26.2.1.fc39	fedora-39
Affected	pkg:rpm/fedora/nginx-mod-vts?distro=fedora-39	fedora	nginx-mod-vts	< 0.2.2.9.fc39	fedora-39
Affected	pkg:rpm/fedora/nginx-mod-naxsi?distro=fedora-39	fedora	nginx-mod-naxsi	< 1.6.6.fc39	fedora-39
Affected	pkg:rpm/fedora/nginx-mod-modsecurity?distro=fedora-39	fedora	nginx-mod-modsecurity	< 1.0.3.13.fc39	fedora-39
Affected	pkg:rpm/fedora/nginx-mod-fancyindex?distro=fedora-39	fedora	nginx-mod-fancyindex	< 0.5.2.5.fc39	fedora-39

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date