nginx-1.26.1-1.fc40

Read Time:34 Second

FEDORA-2024-06e6dcbb42

Packages in this update:

nginx-1.26.1-1.fc40

Update description:

*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
Thanks to Nils Bars of CISPA.

*) Bugfix: reduced memory consumption for long-lived requests if “gzip”,
“gunzip”, “ssi”, “sub_filter”, or “grpc_pass” directives are used.

*) Bugfix: nginx could not be built by gcc 14 if the –with-atomic
option was used.
Thanks to Edgar Bonet.

*) Bugfix: in HTTP/3.

Read More