| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-03-28 08:30:20 +0100 |
|---|---|---|
| committer | Khem Raj <khem.raj@oss.qualcomm.com> | 2026-03-28 08:32:48 -0700 |
| commit | 34b3d0f4917169c5cd568cdb13796a2d75f1fbf1 (patch) | |
| tree | 5d7321fc11f6e2de74636e7f2c3e471ef4c36679 /meta-webserver | |
| parent | 991279998374fe4e2622e585ea9bd179eac327b4 (diff) | |
| download | meta-openembedded-34b3d0f4917169c5cd568cdb13796a2d75f1fbf1.tar.gz | |
nginx: upgrade 1.28.2 -> 1.28.3

Changes:

*) Security: a buffer overflow might occur while handling a COPY or MOVE
   request in a location with "alias", allowing an attacker to modify
   the source or destination path outside of the document root
   (CVE-2026-27654).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module on 32-bit platforms might cause a worker process
   crash, or might have potential other impact (CVE-2026-27784).

*) Security: processing of a specially crafted mp4 file by the
   ngx_http_mp4_module might cause a worker process crash, or might have
   potential other impact (CVE-2026-32647).

*) Security: a segmentation fault might occur in a worker process if the
   CRAM-MD5 or APOP authentication methods were used and authentication
   retry was enabled (CVE-2026-27651).

*) Security: an attacker might use PTR DNS records to inject data in
   auth_http requests, as well as in the XCLIENT command in the backend
   SMTP connection (CVE-2026-28753).

*) Security: SSL handshake might succeed despite OCSP rejecting a client
   certificate in the stream module (CVE-2026-28755).

*) Change: now nginx limits the size and rate of QUIC stateless reset
   packets.

*) Bugfix: receiving a QUIC packet by a wrong worker process could cause
   the connection to terminate.

*) Bugfix: in the ngx_http_mp4_module.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Diffstat (limited to 'meta-webserver')
| -rw-r--r-- | meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb (renamed from meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb index 9699b7189d..9872a6de3b 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb | |||
| @@ -2,6 +2,6 @@ require nginx.inc | |||
| 2 | 2 | ||
| 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593" | 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593" |
| 4 | 4 | ||
| 5 | SRC_URI[sha256sum] = "20e5e0f2c917acfb51120eec2fba9a4ba4e1e10fd28465067cc87a7d81a829a3" | 5 | SRC_URI[sha256sum] = "2c96a946bfb0882a21744ed429770a2123ae1828c7c48665092993ddee91a918" |
| 6 | 6 | ||
| 7 | CVE_STATUS[CVE-2025-53859] = "cpe-stable-backport: Fix is included in 1.28.1" | 7 | CVE_STATUS[CVE-2025-53859] = "cpe-stable-backport: Fix is included in 1.28.1" |
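
Review bot: the new SRC_URI[sha256sum] on line 5 is the only integrity anchor for the 1.28.3 tarball, and nothing in the hunk or the commit message records how the value was obtained. Please confirm it was computed from a tarball whose upstream signature was verified, rather than taken from a fetcher checksum-mismatch message, and consider saying so in the commit message. Separately, the commit message lists six CVEs fixed by this release while the recipe still carries only CVE_STATUS[CVE-2025-53859] on line 7; that is fine if the CVE check resolves all six as patched by version after the rename to nginx_1.28.3.bb, so it is worth checking the report once and adding CVE_STATUS entries for any that still show as unpatched.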
