Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-7014-1

Ubuntu Security Notice 7014-1 - It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

Packet Storm
Open in Source
#vulnerability#web#ubuntu#dos#nginx
==========================================================================Ubuntu Security Notice USN-7014-1September 16, 2024nginx vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:nginx could be made to crash if it received specially crafted networktraffic.Software Description:- nginx: small, powerful, scalable web/proxy serverDetails:It was discovered that the nginx ngx_http_mp4 module incorrectly handledcertain malformed mp4 files. In environments where the mp4 directive is inuse, a remote attacker could possibly use this issue to cause nginx tocrash, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   nginx                           1.24.0-2ubuntu7.1   nginx-common                    1.24.0-2ubuntu7.1   nginx-core                      1.24.0-2ubuntu7.1   nginx-extras                    1.24.0-2ubuntu7.1   nginx-full                      1.24.0-2ubuntu7.1   nginx-light                     1.24.0-2ubuntu7.1Ubuntu 22.04 LTS   nginx                           1.18.0-6ubuntu14.5   nginx-common                    1.18.0-6ubuntu14.5   nginx-core                      1.18.0-6ubuntu14.5   nginx-extras                    1.18.0-6ubuntu14.5   nginx-full                      1.18.0-6ubuntu14.5   nginx-light                     1.18.0-6ubuntu14.5Ubuntu 20.04 LTS   nginx                           1.18.0-0ubuntu1.6   nginx-common                    1.18.0-0ubuntu1.6   nginx-core                      1.18.0-0ubuntu1.6   nginx-extras                    1.18.0-0ubuntu1.6   nginx-full                      1.18.0-0ubuntu1.6   nginx-light                     1.18.0-0ubuntu1.6In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-7014-1   CVE-2024-7347Package Information:   https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.1   https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.5   https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.6

Related news

Gentoo Linux Security Advisory 202409-32

Gentoo Linux Security Advisory 202409-32 - Multiple vulnerabilities have been discovered in nginx, the worst of which could result in denial of service. Versions greater than or equal to 1.26.2-r2 are affected.

Packet Storm: Latest News

Zeek 6.0.8
Packet Storm