1. Ubuntu Security Notices
  2. USN-5722-1

USN-5722-1: nginx vulnerabilities

Publication date

15 November 2022

Overview

Several security issues were fixed in nginx.

Releases

Packages

  • nginx - small, powerful, scalable web/proxy server

Details

It was discovered that nginx incorrectly handled certain memory operations in
the ngx_http_mp4_module module. A local attacker could possibly use this issue
with a specially crafted mp4 file to cause nginx to crash, stop responding, or
access arbitrary memory. (CVE-2022-41741, CVE-2022-41742)

It was discovered that nginx incorrectly handled certain memory operations in
the ngx_http_mp4_module module. A local attacker could possibly use this issue
with a specially crafted mp4 file to cause nginx to crash, stop responding, or
access arbitrary memory. (CVE-2022-41741, CVE-2022-41742)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.10 kinetic nginx-common –  1.22.0-1ubuntu1.1
nginx-light –  1.22.0-1ubuntu1.1
nginx-extras –  1.22.0-1ubuntu1.1
nginx-core –  1.22.0-1ubuntu1.1
nginx –  1.22.0-1ubuntu1.1
nginx-full –  1.22.0-1ubuntu1.1
22.04 jammy nginx-common –  1.18.0-6ubuntu14.3
nginx-light –  1.18.0-6ubuntu14.3
nginx-extras –  1.18.0-6ubuntu14.3
nginx-core –  1.18.0-6ubuntu14.3
nginx –  1.18.0-6ubuntu14.3
nginx-full –  1.18.0-6ubuntu14.3
20.04 focal nginx-common –  1.18.0-0ubuntu1.4
nginx-light –  1.18.0-0ubuntu1.4
nginx-extras –  1.18.0-0ubuntu1.4
nginx-core –  1.18.0-0ubuntu1.4
nginx –  1.18.0-0ubuntu1.4
nginx-full –  1.18.0-0ubuntu1.4
18.04 bionic nginx-common –  1.14.0-0ubuntu1.11
nginx-light –  1.14.0-0ubuntu1.11
nginx-extras –  1.14.0-0ubuntu1.11
nginx-core –  1.14.0-0ubuntu1.11
nginx –  1.14.0-0ubuntu1.11
nginx-full –  1.14.0-0ubuntu1.11
16.04 xenial nginx-extras –  1.10.3-0ubuntu0.16.04.5+esm5  
nginx-core –  1.10.3-0ubuntu0.16.04.5+esm5  
nginx-common –  1.10.3-0ubuntu0.16.04.5+esm5  
nginx-full –  1.10.3-0ubuntu0.16.04.5+esm5  
nginx –  1.10.3-0ubuntu0.16.04.5+esm5  
nginx-light –  1.10.3-0ubuntu0.16.04.5+esm5  
14.04 trusty nginx-extras –  1.4.6-1ubuntu3.9+esm4  
nginx-core –  1.4.6-1ubuntu3.9+esm4  
nginx-common –  1.4.6-1ubuntu3.9+esm4  
nginx-full –  1.4.6-1ubuntu3.9+esm4  
nginx –  1.4.6-1ubuntu3.9+esm4  
nginx-light –  1.4.6-1ubuntu3.9+esm4  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›