stable

nginx-1.26.1-1.fc40

FEDORA-2024-06e6dcbb42 created by heffer a month ago for Fedora 40
*) Security: when using HTTP/3, processing of a specially crafted QUIC
   session might cause a worker process crash, worker process memory
   disclosure on systems with MTU larger than 4096 bytes, or might have
   potential other impact (CVE-2024-32760, CVE-2024-31079,
   CVE-2024-35200, CVE-2024-34161).
   Thanks to Nils Bars of CISPA.

*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
   "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
   option was used.
   Thanks to Edgar Bonet.

*) Bugfix: in HTTP/3.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-06e6dcbb42

This update has been submitted for testing by heffer.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

heffer edited this update.

a month ago

This update has been pushed to testing.

a month ago
User Icon frantisekz provided feedback a month ago
karma

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a month ago
in testing
a month ago
in stable
a month ago
modified
a month ago
approved
a month ago
BZ#2283925 CVE-2024-35200 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all]
0
0
BZ#2283932 CVE-2024-34161 nginx: undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory [fedora-all]
0
0
BZ#2283939 CVE-2024-32760 nginx: undisclosed HTTP/3 encoder instructions terminate or cause or other potential impact [fedora-all]
0
0
BZ#2283946 CVE-2024-31079 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all]
0
0

Automated Test Results