Advisories » MGASA-2022-0398

Updated nginx packages fix security vulnerability

Publication date: 28 Oct 2022
Modification date: 28 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-41741 , CVE-2022-41742

Description

Two security issues were identified in the ngx_http_mp4_module, which
might allow an attacker to cause a worker process crash or worker
process memory disclosure by using a specially crafted mp4 file, or
might have potential other impact. (CVE-2022-41741, CVE-2022-41742)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30993
• https://mailman.nginx.org/archives/list/nginx-announce@nginx.org/message/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742

SRPMS

8/core

• nginx-1.18.0-5.3.mga8