FEDORA-MODULAR-2022-03e951278d
Packages in this update:
nginx-mainline-3720221019155610.9e842022
Update description:
Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742).
Feature: the “$proxy_protocol_tlv_…” variables.
Feature: TLS session tickets encryption keys are now automatically rotated when using shared memory in the “ssl_session_cache” directive.
Change: the logging level of the “bad record type” SSL errors has been lowered from “crit” to “info”. Thanks to Murilo Andrade.
Change: now when using shared memory in the “ssl_session_cache” directive the “could not allocate new session” errors are logged at the “warn” level instead of “alert” and not more often than once per second.
Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x.
Bugfix: in logging of the PROXY protocol errors. Thanks to Sergey Brester.
Workaround: shared memory from the “ssl_session_cache” directive was spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL.
Workaround: timeout specified with the “ssl_session_timeout” directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
More Stories
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...