Category Archives: Advisories

nginx-mainline-3720221019155610.9e842022

FEDORA-MODULAR-2022-03e951278d

Packages in this update:

nginx-mainline-3720221019155610.9e842022

Update description:

Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742).

Feature: the “$proxy_protocol_tlv_…” variables.

Feature: TLS session tickets encryption keys are now automatically rotated when using shared memory in the “ssl_session_cache” directive.

Change: the logging level of the “bad record type” SSL errors has been lowered from “crit” to “info”. Thanks to Murilo Andrade.

Change: now when using shared memory in the “ssl_session_cache” directive the “could not allocate new session” errors are logged at the “warn” level instead of “alert” and not more often than once per second.

Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.

Bugfix: in logging of the PROXY protocol errors. Thanks to Sergey Brester.

Workaround: shared memory from the “ssl_session_cache” directive was spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.

Workaround: timeout specified with the “ssl_session_timeout” directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

nginx-mainline-820220816123924.9edba152

FEDORA-EPEL-MODULAR-2022-e97b3e0f82

Packages in this update:

nginx-mainline-820220816123924.9edba152

Update description:

Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742).

Feature: the “$proxy_protocol_tlv_…” variables.

Feature: TLS session tickets encryption keys are now automatically rotated when using shared memory in the “ssl_session_cache” directive.

Change: the logging level of the “bad record type” SSL errors has been lowered from “crit” to “info”. Thanks to Murilo Andrade.

Change: now when using shared memory in the “ssl_session_cache” directive the “could not allocate new session” errors are logged at the “warn” level instead of “alert” and not more often than once per second.

Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.

Bugfix: in logging of the PROXY protocol errors. Thanks to Sergey Brester.

Workaround: shared memory from the “ssl_session_cache” directive was spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.

Workaround: timeout specified with the “ssl_session_timeout” directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

nginx-mainline-3520221019155610.f27b74a8

FEDORA-MODULAR-2022-2454736cf7

Packages in this update:

nginx-mainline-3520221019155610.f27b74a8

Update description:

Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742).

Feature: the “$proxy_protocol_tlv_…” variables.

Feature: TLS session tickets encryption keys are now automatically rotated when using shared memory in the “ssl_session_cache” directive.

Change: the logging level of the “bad record type” SSL errors has been lowered from “crit” to “info”. Thanks to Murilo Andrade.

Change: now when using shared memory in the “ssl_session_cache” directive the “could not allocate new session” errors are logged at the “warn” level instead of “alert” and not more often than once per second.

Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.

Bugfix: in logging of the PROXY protocol errors. Thanks to Sergey Brester.

Workaround: shared memory from the “ssl_session_cache” directive was spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.

Workaround: timeout specified with the “ssl_session_timeout” directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

nginx-mainline-3620221019155610.5e5ad4a0

FEDORA-MODULAR-2022-d2cc9c919c

Packages in this update:

nginx-mainline-3620221019155610.5e5ad4a0

Update description:

Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742).

Feature: the “$proxy_protocol_tlv_…” variables.

Feature: TLS session tickets encryption keys are now automatically rotated when using shared memory in the “ssl_session_cache” directive.

Change: the logging level of the “bad record type” SSL errors has been lowered from “crit” to “info”. Thanks to Murilo Andrade.

Change: now when using shared memory in the “ssl_session_cache” directive the “could not allocate new session” errors are logged at the “warn” level instead of “alert” and not more often than once per second.

Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.

Bugfix: in logging of the PROXY protocol errors. Thanks to Sergey Brester.

Workaround: shared memory from the “ssl_session_cache” directive was spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.

Workaround: timeout specified with the “ssl_session_timeout” directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

nginx-1.22.1-1.fc35

FEDORA-2022-97de53f202

Packages in this update:

nginx-1.22.1-1.fc35

Update description:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).

nginx-1.22.1-1.fc37

FEDORA-2022-12721789aa

Packages in this update:

nginx-1.22.1-1.fc37

Update description:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).

nginx-1.22.1-1.fc36

FEDORA-2022-b0f5bc2175

Packages in this update:

nginx-1.22.1-1.fc36

Update description:

Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).

vim-9.0.803-1.fc37

FEDORA-2022-839fd408a5

Packages in this update:

vim-9.0.803-1.fc37

Update description:

patchlevel 803

The newest upstream commit

Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
