nginx:1.24 security update

エラータID: AXSA:2025-9816:01

Release date: 
Monday, March 31, 2025 - 22:03
Subject: 
nginx:1.24 security update
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Modularity name: "nginx"
Stream name: "1.24"

Solution: 

Update packages.

CVEs: 
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Additional Info: 

N/A

Download: 

SRPMS
  1. nginx-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.src.rpm
    MD5: daea4424163cd0da87fc5aec16e8456a
    SHA-256: 32b2dad96f5b66953218416d5ceed7311d4c16c6afe026d7aec1d34ee372b1f4
    Size: 1.13 MB

Asianux Server 9 for x86_64
  1. nginx-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 2d57550e2f48292f53dffc92ec76495a
    SHA-256: 11e8f850cdd8c21e7869871fb3dddcaf7540c08b14239d5d8eb15fe80c33a855
    Size: 36.34 kB
  2. nginx-all-modules-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.noarch.rpm
    MD5: 2b5d9ce1d35ad5021ef3ef1415e222cc
    SHA-256: 22f3dd53866d39265c27870a746c03c32a20d05ce22a6ffa0f36c3d1a0ac4f5d
    Size: 7.82 kB
  3. nginx-core-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 828fdfefc47ca1f20df3db6161534f86
    SHA-256: 6d78803eecde68c2898892920ff062346aa9e913b5872fead43de0f9f4a2be7e
    Size: 583.40 kB
  4. nginx-debugsource-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 2ffbcfed226957100e1d79bd48e82e2f
    SHA-256: 17aeed7b3748d0311a2cb98c67bb741646157db0a222281739a18b03069fc2ce
    Size: 616.33 kB
  5. nginx-filesystem-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.noarch.rpm
    MD5: 2c4c80a03603805e91b987e083b25ef5
    SHA-256: 79cfac85041f73fdd894e11bcd8b20097f49d3b95b946d0649b1f06a4346f9d6
    Size: 8.78 kB
  6. nginx-mod-devel-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 69ea450c5981b4a7f552632708bc3a1d
    SHA-256: 89a015c46f0513912a4c1a9ecff8bdd8246ee70822c9906c8cd9ba85aa331967
    Size: 881.54 kB
  7. nginx-mod-http-image-filter-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 88367c0304a1aea25edc6a56b2d927f3
    SHA-256: 6f202767e035371449c239dbeaf225d9fcf54456f2f90305640862749d7e3a34
    Size: 19.55 kB
  8. nginx-mod-http-perl-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 2126e988fd22922e18fd464432f3b899
    SHA-256: 4e9e699d92b860da4f05a396773d9becf2091c1fcc8877fd2809f7f797dce061
    Size: 31.05 kB
  9. nginx-mod-http-xslt-filter-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 4dfc90f63360f749a21ed597abb944fe
    SHA-256: aaa12ffdc8b215eac2b907c59e05395870183d4054bc4de0d955171bd00a0a28
    Size: 18.32 kB
  10. nginx-mod-mail-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: 118229f29f39e8ddc3bf0a2a4a4fca92
    SHA-256: 0e80406e01871eba924371bacb6d18d6b3627a8cf2ede2bf39804fcc95c8ba15
    Size: 53.21 kB
  11. nginx-mod-stream-1.24.0-4.module+el9+1072+37fb6aa9.1.ML.1.x86_64.rpm
    MD5: fafee8ef8524f337c5939408cb332aac
    SHA-256: a731e18b653d8476f35eac67bc9d1fd4afe7134781609299c6273f9a383e1ec3
    Size: 79.94 kB