nginx:1.22 security update

エラータID: AXSA:2025-9815:01

Release date: 
Monday, March 31, 2025 - 21:56
Subject: 
nginx:1.22 security update
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Modularity name: "nginx"
Stream name: "1.22"

Solution: 

Update packages.

CVEs: 
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Additional Info: 

N/A

Download: 

SRPMS
  1. nginx-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.src.rpm
    MD5: 7976576a1f172b9060f1ce63765f7ccf
    SHA-256: b4eb262ccaf4fb2c3e4ba470e8788cba01b40bc0db4ebadb7df4119b6624d8bf
    Size: 1.09 MB

Asianux Server 9 for x86_64
  1. nginx-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: c236cb3b404cb63293071cf93e856d55
    SHA-256: aee748eabea4001201a51b4b507ce4106fdaa9819e8282ce4bb890ebf2607226
    Size: 40.68 kB
  2. nginx-all-modules-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.noarch.rpm
    MD5: fef6312eb8fb9527d8b7371c4b52ffeb
    SHA-256: a531216b819fb900d8ad89a37b830331b0789a33388897470f4c8b17348e10a5
    Size: 7.76 kB
  3. nginx-core-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: 6d7111037e69fd32d5452ee5a78408db
    SHA-256: f6befb6a093682ac2080591c595fdba2f5369c31fef8a611db0cb665ac161286
    Size: 578.00 kB
  4. nginx-debugsource-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: b1917bcde2ba25e78837fd73e69201a2
    SHA-256: 7d6eba0ad34451261ab5f17b9b3708c4ca6346a4d15ef3f764d7d596c429d28c
    Size: 611.79 kB
  5. nginx-filesystem-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.noarch.rpm
    MD5: abc7219af7ff7b0a56de7db12bd364d9
    SHA-256: 1de40cd3dbbc4460bc2975ee64a0ee3f6a946c95498364d02099c627fa67a250
    Size: 8.72 kB
  6. nginx-mod-devel-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: d9c2174e1f222e1821aff63eda07e7dd
    SHA-256: 7f37c1c40fa4ffc248a1cb388b732ec846d8ba7308a005bf02aa71aa498342d9
    Size: 842.01 kB
  7. nginx-mod-http-image-filter-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: 131ae0e1687ba037f227fe33d3dfd877
    SHA-256: d128d3d5fe1aec7350381d18ad0a8bd023695c7c27354ce58ac734d7bed99c9f
    Size: 19.49 kB
  8. nginx-mod-http-perl-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: 2feb9dd34891b988de45d594168d6d4f
    SHA-256: 06edbcd09148667354628c154394a94bdcc1b1f696455974017da011cd06c670
    Size: 31.01 kB
  9. nginx-mod-http-xslt-filter-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: 86bafd9cc723d70314b34be783828c99
    SHA-256: e40f8359781f25e15fea8e4551c294232adfc4e3880ab580628e9e7d2096ebee
    Size: 18.27 kB
  10. nginx-mod-mail-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: deaf4fbc74ef45a8bdafc164dd4e16c7
    SHA-256: 51a1a21fd77d10ec6387b966b4e5a9793eae810dbcfa95f82a3fdfb70674a08c
    Size: 53.07 kB
  11. nginx-mod-stream-1.22.1-8.module+el9+1071+c29543f5.1.ML.1.x86_64.rpm
    MD5: fa6f06458505b9aa678c61d87ad776c8
    SHA-256: ee49d36db1d3d1eb42c17830be0f33a32c6c4c97871b323f1f41839a49f15bbc
    Size: 79.52 kB