diff --git a/SOURCES/0018-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch b/SOURCES/0018-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch index aaab5fe..d992599 100644 --- a/SOURCES/0018-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch +++ b/SOURCES/0018-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch @@ -1,4 +1,4 @@ -From 524977e7c534e87e5b55739fa74601c9f1102686 Mon Sep 17 00:00:00 2001 +From d4ab10c9ccbae391a5152220d1b019656477b58f Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Wed, 22 Apr 2026 09:39:31 +0400 Subject: [PATCH] Rewrite: fixed escaping and possible buffer overrun @@ -26,17 +26,17 @@ Reported by Leo Lin. 1 file changed, 1 insertion(+) diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c -index a2b9f1b7bf..2ea6113735 100644 +index a2b9f1b..2ea6113 100644 --- a/src/http/ngx_http_script.c +++ b/src/http/ngx_http_script.c @@ -1202,6 +1202,7 @@ ngx_http_script_regex_end_code(ngx_http_script_engine_t *e) - + r = e->request; - + + e->is_args = 0; e->quote = 0; - + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, --- -2.53.0 +-- +2.44.0 diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index e5ab90e..3b23b8e 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -56,7 +56,7 @@ Name: nginx Epoch: 1 Version: 1.24.0 -Release: 5%{?dist}.2.alma.2 +Release: 7%{?dist}.1.alma.1 Summary: A high performance web server and reverse proxy server # BSD License (two clause) @@ -144,8 +144,8 @@ Patch14: 0016-Mail-fixed-clearing-s-passwd-in-auth-http-requests.patch # upstream patch - https://github.com/nginx/nginx/commit/7725c372c2f Patch15: 0017-Mp4-avoid-zero-size-buffers-in-output.patch -# CVE-2026-42945 -# upstream patch - https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686 +# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2026-42945 +# upstream patch - https://github.com/nginx/nginx/commit/524977e7 Patch16: 0018-Rewrite-fixed-escaping-and-possible-buffer-overrun.patch @@ -661,26 +661,26 @@ fi %changelog -* Thu May 14 2026 Jonathan Wright - 1:1.24.0-5.2.alma.2 -- Fix CVE-2026-42945 nginx: NGINX: Buffer overrun in rewrite module via - arguments in replacement strings - -* Wed Apr 08 2026 Eduard Abdullin - 1:1.24.0-5.2.alma.1 +* Wed May 20 2026 Eduard Abdullin - 1:1.24.0-7.1.alma.1 - Debrand for AlmaLinux -* Fri Mar 27 2026 Zdenek Dohnal - 1:1.24.0-5.2 -- Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of +* Thu May 14 2026 Luboš Uhliarik - 1:1.24.0-7.1 +- Resolves: RHEL-176234 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution + Vulnerability (CVE-2026-42945) + +* Fri Mar 27 2026 Zdenek Dohnal - 1:1.24.0-7 +- Resolves: RHEL-157889 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files -- Resolves: RHEL-159445 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of +- Resolves: RHEL-159448 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled -- Resolves: RHEL-159558 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of +- Resolves: RHEL-159561 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module -- Resolves: RHEL-159537 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of +- Resolves: RHEL-159540 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file -* Thu Feb 19 2026 Luboš Uhliarik - 1:1.24.0-5.1 -- Resolves: RHEL-146526 - nginx:1.24/nginx: NGINX: Data injection via - man-in-the-middle attack on TLS proxied connections (CVE-2026-1642) +* Tue Feb 17 2026 Luboš Uhliarik - 1:1.24.0-6 +- Resolves: RHEL-146529 - CVE-2026-1642 nginx: NGINX: Data injection via + man-in-the-middle attack on TLS proxied connections * Thu Mar 27 2025 Luboš Uhliarik - 1:1.24.0-5 - Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause