stable

nginx-1.26.1-1.fc39

FEDORA-2024-2e4858330c created by heffer 11 months ago for Fedora 39
*) Security: when using HTTP/3, processing of a specially crafted QUIC
   session might cause a worker process crash, worker process memory
   disclosure on systems with MTU larger than 4096 bytes, or might have
   potential other impact (CVE-2024-32760, CVE-2024-31079,
   CVE-2024-35200, CVE-2024-34161).
   Thanks to Nils Bars of CISPA.

*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
   "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
   option was used.
   Thanks to Edgar Bonet.

*) Bugfix: in HTTP/3.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-2e4858330c

This update has been submitted for testing by heffer.

11 months ago

This update's test gating status has been changed to 'ignored'.

11 months ago

heffer edited this update.

11 months ago

This update has been pushed to testing.

11 months ago
User Icon tokyovigilante commented & provided feedback 10 months ago
karma

Tested ok on Fedora 39 server

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
11 months ago
in testing
11 months ago
in stable
10 months ago
modified
11 months ago
approved
10 months ago
BZ#2283925 CVE-2024-35200 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all]
0
0
BZ#2283932 CVE-2024-34161 nginx: undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory [fedora-all]
0
0
BZ#2283939 CVE-2024-32760 nginx: undisclosed HTTP/3 encoder instructions terminate or cause or other potential impact [fedora-all]
0
0
BZ#2283946 CVE-2024-31079 nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate [fedora-all]
0
0

Automated Test Results