All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/nginx: security bump to 1.30.3
@ 2026-07-02  7:37 Waldemar Brodkorb
  2026-07-02 16:53 ` Peter Korsgaard
  2026-07-10 13:52 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Waldemar Brodkorb @ 2026-07-02  7:37 UTC (permalink / raw)
  To: buildroot

Changes with nginx 1.30.3

    *) Security: a heap memory buffer overflow might occur in a worker
       process when using a configuration with "ignore_invalid_headers off;"
       and "large_client_header_buffers" with large configured values when
       proxying a specially crafted request to HTTP/2 or gRPC backend,
       allowing an attacker to cause worker process memory corruption or
       segmentation fault in a worker process (CVE-2026-42055).
       Thanks to Mufeed VH of Winfunc Research.

    *) Security: a heap memory buffer overread might occur in a worker
       process while handling a specially sent response with decoding from
       UTF-8 via the "charset_map" directive, allowing an attacker to cause
       a limited disclosure of worker proccess memory or segmentation fault
       in a worker process (CVE-2026-48142).
       Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
 package/nginx/nginx.hash | 2 +-
 package/nginx/nginx.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/nginx/nginx.hash b/package/nginx/nginx.hash
index 5055b4bd57..6c3afa889d 100644
--- a/package/nginx/nginx.hash
+++ b/package/nginx/nginx.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256  7df3090907fca3cc0e456d6dc00ceb230da74ea88026ceff0affc29dbbd9ac4c  nginx-1.30.2.tar.gz
+sha256  e5823dc6f45610993def93ebf6cfce68264af4958c77e874b7d20f3709001b8f  nginx-1.30.3.tar.gz
 # License files, locally calculated
 sha256  08845fe39e06b51dad7685c28140ab49577a86e947523e16b536a46caf89ad5c  LICENSE
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index 3f6aecebef..ad61ef6140 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NGINX_VERSION = 1.30.2
+NGINX_VERSION = 1.30.3
 NGINX_SITE = https://nginx.org/download
 NGINX_LICENSE = BSD-2-Clause
 NGINX_LICENSE_FILES = LICENSE
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-07-10 13:52 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-02  7:37 [Buildroot] [PATCH] package/nginx: security bump to 1.30.3 Waldemar Brodkorb
2026-07-02 16:53 ` Peter Korsgaard
2026-07-10 13:52 ` Thomas Perale via buildroot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.