mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
nginx: upgrade 1.30.2 -> 1.30.3
Changes with nginx 1.30.3 *) Security: a heap memory buffer overflow might occur in a worker process when using a configuration with "ignore_invalid_headers off;" and "large_client_header_buffers" with large configured values when proxying a specially crafted request to HTTP/2 or gRPC backend, allowing an attacker to cause worker process memory corruption or segmentation fault in a worker process (CVE-2026-42055). *) Security: a heap memory buffer overread might occur in a worker process while handling a specially sent response with decoding from UTF-8 via the "charset_map" directive, allowing an attacker to cause a limited disclosure of worker proccess memory or segmentation fault in a worker process (CVE-2026-48142). Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
committed by
Khem Raj
parent
d8cb988be3
commit
61bc94423e
+1
-1
@@ -2,5 +2,5 @@ require nginx.inc
|
||||
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=79da1c70d587d3a199af9255ad393f99"
|
||||
|
||||
SRC_URI[sha256sum] = "7df3090907fca3cc0e456d6dc00ceb230da74ea88026ceff0affc29dbbd9ac4c"
|
||||
SRC_URI[sha256sum] = "e5823dc6f45610993def93ebf6cfce68264af4958c77e874b7d20f3709001b8f"
|
||||
|
||||
Reference in New Issue
Block a user