From 34b3d0f4917169c5cd568cdb13796a2d75f1fbf1 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Sat, 28 Mar 2026 08:30:20 +0100 Subject: [PATCH] nginx: upgrade 1.28.2 -> 1.28.3 Changes: *) Security: a buffer overflow might occur while handling a COPY or MOVE request in a location with "alias", allowing an attacker to modify the source or destination path outside of the document root (CVE-2026-27654). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module on 32-bit platforms might cause a worker process crash, or might have potential other impact (CVE-2026-27784). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, or might have potential other impact (CVE-2026-32647). *) Security: a segmentation fault might occur in a worker process if the CRAM-MD5 or APOP authentication methods were used and authentication retry was enabled (CVE-2026-27651). *) Security: an attacker might use PTR DNS records to inject data in auth_http requests, as well as in the XCLIENT command in the backend SMTP connection (CVE-2026-28753). *) Security: SSL handshake might succeed despite OCSP rejecting a client certificate in the stream module (CVE-2026-28755). *) Change: now nginx limits the size and rate of QUIC stateless reset packets. *) Bugfix: receiving a QUIC packet by a wrong worker process could cause the connection to terminate. *) Bugfix: in the ngx_http_mp4_module. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../recipes-httpd/nginx/{nginx_1.28.2.bb => nginx_1.28.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-webserver/recipes-httpd/nginx/{nginx_1.28.2.bb => nginx_1.28.3.bb} (66%) 
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb
similarity index 66%
rename from meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb
rename to meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb
index 9699b7189d..9872a6de3b 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb
@@ -2,6 +2,6 @@ require nginx.inc
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593"
-SRC_URI[sha256sum] = "20e5e0f2c917acfb51120eec2fba9a4ba4e1e10fd28465067cc87a7d81a829a3"
+SRC_URI[sha256sum] = "2c96a946bfb0882a21744ed429770a2123ae1828c7c48665092993ddee91a918"
 CVE_STATUS[CVE-2025-53859] = "cpe-stable-backport: Fix is included in 1.28.1"