mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
61bc94423e
Changes with nginx 1.30.3 *) Security: a heap memory buffer overflow might occur in a worker process when using a configuration with "ignore_invalid_headers off;" and "large_client_header_buffers" with large configured values when proxying a specially crafted request to HTTP/2 or gRPC backend, allowing an attacker to cause worker process memory corruption or segmentation fault in a worker process (CVE-2026-42055). *) Security: a heap memory buffer overread might occur in a worker process while handling a specially sent response with decoding from UTF-8 via the "charset_map" directive, allowing an attacker to cause a limited disclosure of worker proccess memory or segmentation fault in a worker process (CVE-2026-48142). Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>