similar to: nginx-1.27.1

Изменения в nginx 1.27.1 14.08.2024 *) Безопасность: обработка специально созданного mp4-файла модулем ngx_http_mp4_module могла приводить к падению рабочего процесса (CVE-2024-7347). Спасибо Nils Bars. *) Изменение: теперь обработчик в модуле stream не является обязательным. *) Исправление: новые HTTP/2-соединения

A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file (CVE-2024-7347). The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the “mp4” directive is used in the configuration file. Further, the attack is only possible if an attacker is

В модуле ngx_http_mp4_module была обнаружена проблема, которая позволяет с помощью специально созданного mp4-файла вызвать падение рабочего процесса (CVE-2024-7347). Проблеме подвержен nginx, если он собран с модулем ngx_http_mp4_module (по умолчанию не собирается) и директива mp4 используется в конфигурационном файле. При этом атака возможна только в случае, если атакующий имеет возможность

Changes with nginx 1.26.2 14 Aug 2024 *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars. -- Sergey Kandaurov

Изменения в nginx 1.26.2 14.08.2024 *) Безопасность: обработка специально созданного mp4-файла модулем ngx_http_mp4_module могла приводить к падению рабочего процесса (CVE-2024-7347). Спасибо Nils Bars. -- Sergey Kandaurov

Changes with nginx 1.0.15 12 Apr 2012 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: in the ngx_http_mp4_module. Maxim Dounin

Changes with nginx 1.1.19 12 Apr 2012 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: nginx/Windows might be terminated abnormally.

éÚÍÅÎÅÎÉÑ × nginx 1.0.15 12.04.2012 *) âÅÚÏÐÁÓÎÏÓÔØ: ÐÒÉ ÏÂÒÁÂÏÔËÅ ÓÐÅÃÉÁÌØÎÏ ÓÏÚÄÁÎÎÏÇÏ mp4 ÆÁÊÌÁ ÍÏÄÕÌÅÍ ngx_http_mp4_module ÍÏÇÌÉ ÐÅÒÅÚÁÐÉÓÙ×ÁÔØÓÑ ÏÂÌÁÓÔÉ ÐÁÍÑÔÉ ÒÁÂÏÞÅÇÏ ÐÒÏÃÅÓÓÁ, ÞÔÏ ÍÏÇÌÏ ÐÒÉ×ÏÄÉÔØ Ë ×ÙÐÏÌÎÅÎÉÀ ÐÒÏÉÚ×ÏÌØÎÏÇÏ ËÏÄÁ (CVE-2012-2089). óÐÁÓÉÂÏ Matthew Daley. *) éÓÐÒÁ×ÌÅÎÉÅ: × ÍÏÄÕÌÅ ngx_http_mp4_module.

Изменения в nginx 1.27.0 29.05.2024 *) Безопасность: при использовании HTTP/3 обработка специально созданной QUIC-сессии могла приводить к падению рабочего процесса, отправке клиенту содержимого памяти рабочего процесса на системах с MTU больше 4096 байт, а также потенциально могла иметь другие последствия (CVE-2024-32760,

Changes with nginx 1.27.0 29 May 2024 *) Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on systems with MTU larger than 4096 bytes, or might have potential other impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161).

Changes with nginx 1.26.1 29 May 2024 *) Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on systems with MTU larger than 4096 bytes, or might have potential other impact (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161).

Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session to cause a worker process crash (CVE-2024-31079, CVE-2024-32760, CVE-2024-35200), worker process memory disclosure on systems with MTU larger than 4096 bytes (CVE-2024-34161), or might have potential other impact (CVE-2024-31079, CVE-2024-32760).

Изменения в nginx 1.26.1 29.05.2024 *) Безопасность: при использовании HTTP/3 обработка специально созданной QUIC-сессии могла приводить к падению рабочего процесса, отправке клиенту содержимого памяти рабочего процесса на системах с MTU больше 4096 байт, а также потенциально могла иметь другие последствия (CVE-2024-32760,

Hello! В реализации HTTP/3 в nginx были обнаружены четыре проблемы, которые позволяют атакующему с помощью специально созданной QUIC-сессии вызвать падение рабочего процесса (CVE-2024-31079, CVE-2024-32760, CVE-2024-35200), отправку клиенту части содержимого памяти рабочего процесса на системах с MTU больше 4096 байт (CVE-2024-34161), а также потенциально могут иметь другие последствия

Changes with nginx 1.2.8 02 Apr 2013 *) Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. Thanks to Piotr Sikora. *) Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest

Back in July, this error was discussed briefly on the mailing list(s). It appears that a fix (r238182) was submitted for inclusion in 9.1 (early). This problem still appears in 9.1-RC1. Will the fix be included in 9.1-RELEASE (or better yet 9.1-RC2)? Thanks. David Boyd. ---------------------------------------------------------------------------- ------ 1st e-mail from pluknet responding to

Hi guys, I can't see virtio in releng/9.1, is there any particular reason why it isn't going to be included given that it works reasonable well (and is optional anyway, so not likely to be detrimental)? Thanks, Joe

How to burn MP4/MPEG4 to DVD playable on a DVD player? So you have downloaded movies and taken videos in the MP4 (MPEG-4) video format. Want to play MP4 files on home DVD player in your living room sitting on the couch? Well, due to the limits of most DVD players' capabilities, the original MP4 files can't be played directly on regular home DVD players. Therefore, you need to convert and

So you have downloaded movies and taken videos in the MP4 (MPEG-4) video format. Want to play MP4 files on home DVD player in your living room sitting on the couch? Well, due to the limits of most DVD players' capabilities, the original MP4 files can't be played directly on regular home DVD players. Therefore, you need to convert and burn original MP4 files to a DVD format. And if you

Hello, You guys might want to join this discussion. (And maybe some others too.) On the WhatWG mailing list, there's been a fury of e-mails about adding a <video> element to HTML5. They're talking about codecs and containers now. It might be helpful to have your representatives there. And help shape things. See ya ---------- Forwarded message ---------- From: Dave Singer