diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2026-05-22 10:36:21 +1200 |
|---|---|---|
| committer | Khem Raj <khem.raj@oss.qualcomm.com> | 2026-05-21 17:20:21 -0700 |
| commit | a2b90ccd7ba92f233ed422907c05909b0966c8f4 (patch) | |
| tree | 03eefaa3b3b0bc658f91ba8ae8d3ccd5d8952f20 /meta-oe | |
| parent | 2f64c27b186011958ac392aea9214b2c134e14a3 (diff) | |
| download | meta-openembedded-a2b90ccd7ba92f233ed422907c05909b0966c8f4.tar.gz | |
nginx: upgrade 1.30.0 -> 1.30.1
Changes with nginx 1.30.1
*) Security: when using the "proxy_set_body" directive, an attacker
might inject data in the proxied request to an HTTP/2 backend
(CVE-2026-42926).
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_rewrite_module, potentially resulting in arbitrary code
execution (CVE-2026-42945).
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially crafted response by
ngx_http_scgi_module or ngx_http_uwsgi_module, allowing an attacker
to cause a disclosure of worker process memory or segmentation fault
in a worker process (CVE-2026-42946).
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially sent response with decoding from
UTF-8 via the "charset_map" directive, allowing an attacker to cause
a limited disclosure of worker proccess memory or segmentation fault
in a worker process (CVE-2026-42934).
*) Security: when using HTTP/3, processing of connection migration might
cause new QUIC streams to receive a new client address before
validation, allowing an attacker to cause address spoofing
(CVE-2026-40460).
*) Security: use-after-free might occur during DNS server response
processing if the "ssl_ocsp" directive was used, allowing an attacker
to cause worker process memory corruption or segmentation fault in a
worker process (CVE-2026-40701).
*) Bugfix: connections with HTTP/2 backends might not be cached when
using the "proxy_set_body" or "proxy_pass_request_body" directives.
*) Bugfix: proxied HTTP/0.9, SCGI, or uWSGI responses might be
transferred incorrectly if the first line was not fully read.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Diffstat (limited to 'meta-oe')
0 files changed, 0 insertions, 0 deletions
