Security Advisory - Nov. 6, 2018 - CVE-2018-16845

Bug #1801983 reported by Thomas Ward on 2018-11-06
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Status tracked in Disco
Trusty
Medium
Unassigned
Xenial
Medium
Unassigned
Bionic
Medium
Unassigned
Cosmic
Medium
Unassigned
Disco
Medium
Thomas Ward

Bug Description

The following was put out in a security advisory notice over nginx-announce's mailing list today:

http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html

Hello!

A security issue was identified in the ngx_http_mp4_module, which might
allow an attacker to cause infinite loop in a worker process, cause a
worker process crash, or might result in worker process memory
disclosure by using a specially crafted mp4 file (CVE-2018-16845).

The issue only affects nginx if it is built with the ngx_http_mp4_module
(the module is not built by default) and the "mp4" directive is used in
the configuration file. Further, the attack is only possible if an
attacker is able to trigger processing of a specially crafted mp4 file
with the ngx_http_mp4_module.

The issue affects nginx 1.1.3+, 1.0.7+.
The issue is fixed in 1.15.6, 1.14.1.

Patch for the issue can be found here:

http://nginx.org/download/patch.2018.mp4.txt

------

Based on the version strings specified, the following Ubuntu versions of nginx are affected:

* Trusty (1.4.6-1ubuntu3, 1.4.6-1ubuntu3.8)
* Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2)
* Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1)
* Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2)
* Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3)

CVE References

Thomas Ward (teward) on 2018-11-06
Changed in nginx (Ubuntu):
status: New → Confirmed
Changed in nginx (Ubuntu Cosmic):
status: New → Confirmed
Changed in nginx (Ubuntu Bionic):
status: New → Confirmed
Changed in nginx (Ubuntu Xenial):
status: New → Confirmed
Changed in nginx (Ubuntu Trusty):
status: New → Confirmed
description: updated
Thomas Ward (teward) on 2018-11-06
Changed in nginx (Ubuntu Trusty):
importance: Undecided → Medium
Changed in nginx (Ubuntu Xenial):
importance: Undecided → Medium
Changed in nginx (Ubuntu Bionic):
importance: Undecided → Medium
Changed in nginx (Ubuntu Disco):
importance: Undecided → Medium
Changed in nginx (Ubuntu Cosmic):
importance: Undecided → Medium
Changed in nginx (Ubuntu Disco):
assignee: nobody → Thomas Ward (teward)
Thomas Ward (teward) on 2018-11-07
Changed in nginx (Ubuntu Trusty):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Xenial):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Bionic):
status: Confirmed → Fix Released
Changed in nginx (Ubuntu Cosmic):
status: Confirmed → Fix Released
Thomas Ward (teward) on 2018-11-13
Changed in nginx (Ubuntu Disco):
status: Confirmed → Fix Committed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers