Headline
Ubuntu Security Notice USN-7014-1
Ubuntu Security Notice 7014-1 - It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
==========================================================================Ubuntu Security Notice USN-7014-1September 16, 2024nginx vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:nginx could be made to crash if it received specially crafted networktraffic.Software Description:- nginx: small, powerful, scalable web/proxy serverDetails:It was discovered that the nginx ngx_http_mp4 module incorrectly handledcertain malformed mp4 files. In environments where the mp4 directive is inuse, a remote attacker could possibly use this issue to cause nginx tocrash, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS nginx 1.24.0-2ubuntu7.1 nginx-common 1.24.0-2ubuntu7.1 nginx-core 1.24.0-2ubuntu7.1 nginx-extras 1.24.0-2ubuntu7.1 nginx-full 1.24.0-2ubuntu7.1 nginx-light 1.24.0-2ubuntu7.1Ubuntu 22.04 LTS nginx 1.18.0-6ubuntu14.5 nginx-common 1.18.0-6ubuntu14.5 nginx-core 1.18.0-6ubuntu14.5 nginx-extras 1.18.0-6ubuntu14.5 nginx-full 1.18.0-6ubuntu14.5 nginx-light 1.18.0-6ubuntu14.5Ubuntu 20.04 LTS nginx 1.18.0-0ubuntu1.6 nginx-common 1.18.0-0ubuntu1.6 nginx-core 1.18.0-0ubuntu1.6 nginx-extras 1.18.0-0ubuntu1.6 nginx-full 1.18.0-0ubuntu1.6 nginx-light 1.18.0-0ubuntu1.6In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-7014-1 CVE-2024-7347Package Information: https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.1 https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.5 https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.6
Related news
Ubuntu Security Notice 7014-3 - USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
Ubuntu Security Notice 7014-2 - USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
Gentoo Linux Security Advisory 202409-32 - Multiple vulnerabilities have been discovered in nginx, the worst of which could result in denial of service. Versions greater than or equal to 1.26.2-r2 are affected.