nginx:1.24 security update
エラータID: AXSA:2025-9816:01
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Modularity name: "nginx"
Stream name: "1.24"
Update packages.
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
N/A
SRPMS
- nginx-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.src.rpm
MD5: daea4424163cd0da87fc5aec16e8456a
SHA-256: 32b2dad96f5b66953218416d5ceed7311d4c16c6afe026d7aec1d34ee372b1f4
Size: 1.13 MB
Asianux Server 9 for x86_64
- nginx-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 2d57550e2f48292f53dffc92ec76495a
SHA-256: 11e8f850cdd8c21e7869871fb3dddcaf7540c08b14239d5d8eb15fe80c33a855
Size: 36.34 kB - nginx-all-modules-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.noarch.rpm
MD5: 2b5d9ce1d35ad5021ef3ef1415e222cc
SHA-256: 22f3dd53866d39265c27870a746c03c32a20d05ce22a6ffa0f36c3d1a0ac4f5d
Size: 7.82 kB - nginx-core-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 828fdfefc47ca1f20df3db6161534f86
SHA-256: 6d78803eecde68c2898892920ff062346aa9e913b5872fead43de0f9f4a2be7e
Size: 583.40 kB - nginx-debugsource-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 2ffbcfed226957100e1d79bd48e82e2f
SHA-256: 17aeed7b3748d0311a2cb98c67bb741646157db0a222281739a18b03069fc2ce
Size: 616.33 kB - nginx-filesystem-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.noarch.rpm
MD5: 2c4c80a03603805e91b987e083b25ef5
SHA-256: 79cfac85041f73fdd894e11bcd8b20097f49d3b95b946d0649b1f06a4346f9d6
Size: 8.78 kB - nginx-mod-devel-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 69ea450c5981b4a7f552632708bc3a1d
SHA-256: 89a015c46f0513912a4c1a9ecff8bdd8246ee70822c9906c8cd9ba85aa331967
Size: 881.54 kB - nginx-mod-http-image-filter-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 88367c0304a1aea25edc6a56b2d927f3
SHA-256: 6f202767e035371449c239dbeaf225d9fcf54456f2f90305640862749d7e3a34
Size: 19.55 kB - nginx-mod-http-perl-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 2126e988fd22922e18fd464432f3b899
SHA-256: 4e9e699d92b860da4f05a396773d9becf2091c1fcc8877fd2809f7f797dce061
Size: 31.05 kB - nginx-mod-http-xslt-filter-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 4dfc90f63360f749a21ed597abb944fe
SHA-256: aaa12ffdc8b215eac2b907c59e05395870183d4054bc4de0d955171bd00a0a28
Size: 18.32 kB - nginx-mod-mail-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: 118229f29f39e8ddc3bf0a2a4a4fca92
SHA-256: 0e80406e01871eba924371bacb6d18d6b3627a8cf2ede2bf39804fcc95c8ba15
Size: 53.21 kB - nginx-mod-stream-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
MD5: fafee8ef8524f337c5939408cb332aac
SHA-256: a731e18b653d8476f35eac67bc9d1fd4afe7134781609299c6273f9a383e1ec3
Size: 79.94 kB