[FEDORA-2024-8ba5080dfa] Fedora 39: nginx, nginx-mod-naxsi, nginx-mod-vts, nginx-mod-fancyindex, nginx-mod-modsecurity
Severity
Medium
Affected Packages
5
CVEs
1
Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
Package | Affected Version |
---|---|
pkg:rpm/fedora/nginx?distro=fedora-39 | < 1.26.2.1.fc39 |
pkg:rpm/fedora/nginx-mod-vts?distro=fedora-39 | < 0.2.2.9.fc39 |
pkg:rpm/fedora/nginx-mod-naxsi?distro=fedora-39 | < 1.6.6.fc39 |
pkg:rpm/fedora/nginx-mod-modsecurity?distro=fedora-39 | < 1.0.3.13.fc39 |
pkg:rpm/fedora/nginx-mod-fancyindex?distro=fedora-39 | < 0.5.2.5.fc39 |
- ID
- FEDORA-2024-8ba5080dfa
- Severity
- medium
- Severity from
- CVE-2024-7347
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-8ba5080dfa
- Published
-
2024-08-26T01:31:55
(3 weeks ago) - Modified
-
2024-08-26T01:31:55
(3 weeks ago) - Rights
- Copyright 2024 Red Hat, Inc.
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 2305156 | Bug #2305156 - CVE-2024-7347 nginx: Nginx: Specially crafted file may cause Denial of Service [fedora-all] | https://bugzilla.redhat.com/show_bug.cgi?id=2305156 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/nginx?distro=fedora-39 | fedora | nginx | < 1.26.2.1.fc39 | fedora-39 | ||
Affected | pkg:rpm/fedora/nginx-mod-vts?distro=fedora-39 | fedora | nginx-mod-vts | < 0.2.2.9.fc39 | fedora-39 | ||
Affected | pkg:rpm/fedora/nginx-mod-naxsi?distro=fedora-39 | fedora | nginx-mod-naxsi | < 1.6.6.fc39 | fedora-39 | ||
Affected | pkg:rpm/fedora/nginx-mod-modsecurity?distro=fedora-39 | fedora | nginx-mod-modsecurity | < 1.0.3.13.fc39 | fedora-39 | ||
Affected | pkg:rpm/fedora/nginx-mod-fancyindex?distro=fedora-39 | fedora | nginx-mod-fancyindex | < 0.5.2.5.fc39 | fedora-39 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |