From 795e49ba03171ae5d4a30734f74490878d5063a8 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 26 2018 11:40:16 +0000 Subject: import rh-nginx18-nginx-1.8.1-1.el7.1 --- diff --git a/SOURCES/nginx-1.8.1-CVE-2018-16845.patch b/SOURCES/nginx-1.8.1-CVE-2018-16845.patch new file mode 100644 index 0000000..0a92cd8 --- /dev/null +++ b/SOURCES/nginx-1.8.1-CVE-2018-16845.patch @@ -0,0 +1,18 @@ +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +index 980bf57..b165d79 100644 +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -896,6 +896,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4, + atom_size = ngx_mp4_get_64value(atom_header + 8); + atom_header_size = sizeof(ngx_mp4_atom_header64_t); + ++ if (atom_size < sizeof(ngx_mp4_atom_header64_t)) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "\"%s\" mp4 atom is too small:%uL", ++ mp4->file.name.data, atom_size); ++ return NGX_ERROR; ++ } ++ + } else { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 atom is too small:%uL", diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index 6de887e..4201681 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -27,7 +27,7 @@ Name: %{?scl:%scl_prefix}nginx Epoch: 1 Version: 1.8.1 -Release: 1%{?dist} +Release: 1%{?dist}.1 Summary: A high performance web server and reverse proxy server Group: System Environment/Daemons @@ -55,6 +55,7 @@ Source104: 50x.html # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. Patch0: nginx-auto-cc-gcc.patch Patch1: nginx-1.8.1-CVE-2016-4450.patch +Patch2: nginx-1.8.1-CVE-2018-16845.patch # Build Passenger against Fedora's (renamed) libeio Patch200: passenger-4.0.38-libeio.patch @@ -125,6 +126,7 @@ memory usage. %setup -q -n nginx-%{version} %patch0 -p0 %patch1 -p1 -b .cve4450 +%patch2 -p1 -b .cve16845 %if 0%{?with_passenger} tar -xf %{SOURCE1} @@ -501,6 +503,10 @@ fi %{?scl: %{_scl_scripts}/deregister.d/*} %changelog +* Tue Nov 13 2018 Lubos Uhliarik - 1:1.8.1-1.1 +- Resolves: #1648362 - CVE-2018-16845 rh-nginx18-nginx: nginx: Denial of + service and memory disclosure via mp4 module + * Mon Jun 20 2016 Joe Orton - 1:1.8.1-1 - update to 1.8.1 (CVE-2016-0742 CVE-2016-0746 CVE-2016-0747) - add security fix for CVE-2016-4450