| Message ID | 20260624105739.3477896-1-andrej.kozemcak@siemens.com |
|---|---|
| State | New |
| Series | [meta-webserver] nginx: upgrade 1.30.2 -> 1.30.3 |
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.30.2.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.30.3.bb similarity index 51% rename from meta-webserver/recipes-httpd/nginx/nginx_1.30.2.bb rename to meta-webserver/recipes-httpd/nginx/nginx_1.30.3.bb index 2ccc7226a4..981b3f6477 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.30.2.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.30.3.bb @@ -2,5 +2,5 @@ require nginx.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=79da1c70d587d3a199af9255ad393f99" -SRC_URI[sha256sum] = "7df3090907fca3cc0e456d6dc00ceb230da74ea88026ceff0affc29dbbd9ac4c" +SRC_URI[sha256sum] = "e5823dc6f45610993def93ebf6cfce68264af4958c77e874b7d20f3709001b8f"
Changes with nginx 1.30.3

*) Security: a heap memory buffer overflow might occur in a worker process when using a configuration with "ignore_invalid_headers off;" and "large_client_header_buffers" with large configured values when proxying a specially crafted request to HTTP/2 or gRPC backend, allowing an attacker to cause worker process memory corruption or segmentation fault in a worker process (CVE-2026-42055).

*) Security: a heap memory buffer overread might occur in a worker process while handling a specially sent response with decoding from UTF-8 via the "charset_map" directive, allowing an attacker to cause a limited disclosure of worker process memory or segmentation fault in a worker process (CVE-2026-48142).

Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
---
 .../recipes-httpd/nginx/{nginx_1.30.2.bb => nginx_1.30.3.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-webserver/recipes-httpd/nginx/{nginx_1.30.2.bb => nginx_1.30.3.bb} (51%)
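
Review bot: The new SRC_URI[sha256sum] value on the + line is the only integrity pin for the 1.30.3 tarball, and the commit message does not say how it was obtained. Please note in the message that the hash was checked against the upstream release, for example by verifying the PGP signature published alongside the tarball, rather than computed from whatever the fetcher downloaded. The unchanged LIC_FILES_CHKSUM context line also assumes LICENSE is byte-identical between 1.30.2 and 1.30.3; since the recipe is carried over by rename, it is worth confirming that in the message as well.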