{"schema_version":"1.7.2","id":"OESA-2022-2023","modified":"2022-10-28T11:04:28Z","published":"2022-10-28T11:04:28Z","upstream":["CVE-2022-41742","CVE-2022-41741"],"summary":"nginx security update","details":"NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.\r\n\r\nSecurity Fix(es):\r\n\r\nNGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41742)\r\n\r\nNGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. 
Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.(CVE-2022-41741)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"nginx","purl":"pkg:rpm/openEuler/nginx\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.21.5-2.oe1"}]}],"ecosystem_specific":{"aarch64":["nginx-1.21.5-2.oe1.aarch64.rpm","nginx-debugsource-1.21.5-2.oe1.aarch64.rpm","nginx-mod-http-image-filter-1.21.5-2.oe1.aarch64.rpm","nginx-debuginfo-1.21.5-2.oe1.aarch64.rpm","nginx-mod-stream-1.21.5-2.oe1.aarch64.rpm","nginx-mod-http-perl-1.21.5-2.oe1.aarch64.rpm","nginx-mod-mail-1.21.5-2.oe1.aarch64.rpm","nginx-mod-http-xslt-filter-1.21.5-2.oe1.aarch64.rpm"],"noarch":["nginx-all-modules-1.21.5-2.oe1.noarch.rpm","nginx-help-1.21.5-2.oe1.noarch.rpm","nginx-filesystem-1.21.5-2.oe1.noarch.rpm"],"src":["nginx-1.21.5-2.oe1.src.rpm"],"x86_64":["nginx-mod-stream-1.21.5-2.oe1.x86_64.rpm","nginx-mod-http-perl-1.21.5-2.oe1.x86_64.rpm","nginx-mod-http-image-filter-1.21.5-2.oe1.x86_64.rpm","nginx-mod-mail-1.21.5-2.oe1.x86_64.rpm","nginx-debugsource-1.21.5-2.oe1.x86_64.rpm","nginx-mod-http-xslt-filter-1.21.5-2.oe1.x86_64.rpm","nginx-debuginfo-1.21.5-2.oe1.x86_64.rpm","nginx-1.21.5-2.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"nginx","purl":"pkg:rpm/openEuler/nginx\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.21.5-2.oe1"}]}],"ecosystem_specific":{"aarch64":["nginx-mod-stream-1.21.5-2.oe1.aarch64.rpm","nginx-mod-http-perl-1.21.5-2.oe1.aarch64.rpm","nginx-debugsource-1.21.5-2.oe1.aarch64.rpm","nginx-1.21.5-2.oe1.aarch64.rpm","nginx-debuginfo-1.21.5-2.oe1.aarch64.rpm","nginx-mod-http-image-filter-1.21.5-2.oe1.aarch64.rpm","nginx-mod-mail-1.21.5-2.oe1.aarch64.rpm","nginx-mod-http-xslt-filter-1.21.5-2.oe1.aarch64.rpm"],"noarch":["nginx-all-modules-1.21.5-2.
oe1.noarch.rpm","nginx-filesystem-1.21.5-2.oe1.noarch.rpm"],"src":["nginx-1.21.5-2.oe1.src.rpm"],"x86_64":["nginx-debuginfo-1.21.5-2.oe1.x86_64.rpm","nginx-mod-stream-1.21.5-2.oe1.x86_64.rpm","nginx-1.21.5-2.oe1.x86_64.rpm","nginx-mod-http-xslt-filter-1.21.5-2.oe1.x86_64.rpm","nginx-debugsource-1.21.5-2.oe1.x86_64.rpm","nginx-mod-mail-1.21.5-2.oe1.x86_64.rpm","nginx-mod-http-perl-1.21.5-2.oe1.x86_64.rpm","nginx-mod-http-image-filter-1.21.5-2.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"nginx","purl":"pkg:rpm/openEuler/nginx\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.21.5-3.oe2203"}]}],"ecosystem_specific":{"aarch64":["nginx-1.21.5-3.oe2203.aarch64.rpm","nginx-debuginfo-1.21.5-3.oe2203.aarch64.rpm","nginx-mod-http-xslt-filter-1.21.5-3.oe2203.aarch64.rpm","nginx-mod-mail-1.21.5-3.oe2203.aarch64.rpm","nginx-debugsource-1.21.5-3.oe2203.aarch64.rpm","nginx-mod-http-perl-1.21.5-3.oe2203.aarch64.rpm","nginx-mod-stream-1.21.5-3.oe2203.aarch64.rpm","nginx-mod-http-image-filter-1.21.5-3.oe2203.aarch64.rpm"],"noarch":["nginx-filesystem-1.21.5-3.oe2203.noarch.rpm","nginx-all-modules-1.21.5-3.oe2203.noarch.rpm","nginx-help-1.21.5-3.oe2203.noarch.rpm"],"src":["nginx-1.21.5-3.oe2203.src.rpm"],"x86_64":["nginx-mod-http-xslt-filter-1.21.5-3.oe2203.x86_64.rpm","nginx-debuginfo-1.21.5-3.oe2203.x86_64.rpm","nginx-1.21.5-3.oe2203.x86_64.rpm","nginx-mod-mail-1.21.5-3.oe2203.x86_64.rpm","nginx-mod-http-image-filter-1.21.5-3.oe2203.x86_64.rpm","nginx-mod-http-perl-1.21.5-3.oe2203.x86_64.rpm","nginx-mod-stream-1.21.5-3.oe2203.x86_64.rpm","nginx-debugsource-1.21.5-3.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2023"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41742"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41741"}],"database_specific":{"severity":"
High"}}