========================================================================= Ubuntu Security Notice USN-5722-1 November 15, 2022 nginx vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in nginx. Software Description: - nginx: small, powerful, scalable web/proxy server Details: It was discovered that nginx incorrectly handled certain memory operations in the ngx_http_mp4_module module. A local attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2022-41741, CVE-2022-41742) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: nginx 1.22.0-1ubuntu1.1 nginx-common 1.22.0-1ubuntu1.1 nginx-core 1.22.0-1ubuntu1.1 nginx-extras 1.22.0-1ubuntu1.1 nginx-full 1.22.0-1ubuntu1.1 nginx-light 1.22.0-1ubuntu1.1 Ubuntu 22.04 LTS: nginx 1.18.0-6ubuntu14.3 nginx-common 1.18.0-6ubuntu14.3 nginx-core 1.18.0-6ubuntu14.3 nginx-extras 1.18.0-6ubuntu14.3 nginx-full 1.18.0-6ubuntu14.3 nginx-light 1.18.0-6ubuntu14.3 Ubuntu 20.04 LTS: nginx 1.18.0-0ubuntu1.4 nginx-common 1.18.0-0ubuntu1.4 nginx-core 1.18.0-0ubuntu1.4 nginx-extras 1.18.0-0ubuntu1.4 nginx-full 1.18.0-0ubuntu1.4 nginx-light 1.18.0-0ubuntu1.4 Ubuntu 18.04 LTS: nginx 1.14.0-0ubuntu1.11 nginx-common 1.14.0-0ubuntu1.11 nginx-core 1.14.0-0ubuntu1.11 nginx-extras 1.14.0-0ubuntu1.11 nginx-full 1.14.0-0ubuntu1.11 nginx-light 1.14.0-0ubuntu1.11 Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm5 nginx-common 1.10.3-0ubuntu0.16.04.5+esm5 nginx-core 1.10.3-0ubuntu0.16.04.5+esm5 nginx-extras 1.10.3-0ubuntu0.16.04.5+esm5 nginx-full 1.10.3-0ubuntu0.16.04.5+esm5 nginx-light 1.10.3-0ubuntu0.16.04.5+esm5 Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm4 nginx-common 1.4.6-1ubuntu3.9+esm4 nginx-core 1.4.6-1ubuntu3.9+esm4 nginx-extras 1.4.6-1ubuntu3.9+esm4 nginx-full 1.4.6-1ubuntu3.9+esm4 nginx-light 1.4.6-1ubuntu3.9+esm4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5722-1 CVE-2022-41741, CVE-2022-41742 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.22.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.3 https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.4 https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.11