Package "libnginx-mod-http-uploadprogress"
| Name: |
libnginx-mod-http-uploadprogress
|
Description: |
Upload progress system for Nginx
|
| Latest version: |
1.18.0-6ubuntu14.12 |
| Release: |
jammy (22.04) |
| Level: |
updates |
| Repository: |
universe |
| Head package: |
nginx |
| Homepage: |
https://nginx.net |
Links
Download "libnginx-mod-http-uploadprogress"
Other versions of "libnginx-mod-http-uploadprogress" in Jammy
Changelog
|
nginx (1.18.0-6ubuntu14.12) jammy-security; urgency=medium
* SECURITY UPDATE: resolver use-after-free in OCSP
- debian/patches/CVE-2026-40701.patch: OCSP: resolve cleanup on connection
close in src/event/ngx_event_openssl_stapling.c.
- CVE-2026-40701
* SECURITY UPDATE: Buffer overread in the ngx_http_charset_module
- debian/patches/CVE-2026-42934.patch: Charset: fix buffer over-read in
recode_from_utf8(). in src/http/modules/ngx_http_charset_filter_module.c.
- CVE-2026-42934
* SECURITY UPDATE: Buffer overread in the ngx_http_scgi_module and
ngx_http_uwsgi_module
- debian/patches/CVE-2026-42946-1.patch: Upstream: reset parsing state after
invalid status line in src/http/modules/ngx_http_scgi_module.c,
src/http/modules/ngx_http_uwsgi_module.c.
- debian/patches/CVE-2026-42946-2.patch: Upstream: fixed parsing of split
status lines in src/http/modules/ngx_http_proxy_module.c,
src/http/modules/ngx_http_scgi_module.c,
src/http/modules/ngx_http_uwsgi_module.c.
- CVE-2026-42946
* SECURITY UPDATE: Buffer overflow in the ngx_http_rewrite_module
- debian/patches/CVE-2026-9256.patch: Rewrite: fix buffer overflow with
overlapping captures in src/http/ngx_http_script.c.
- CVE-2026-9256
-- Marc Deslauriers <email address hidden> Sat, 30 May 2026 10:32:05 -0400
|
| Source diff to previous version |
| CVE-2026-40701 |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optio |
| CVE-2026-42934 |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_ |
| CVE-2026-42946 |
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read o |
| CVE-2026-9256 |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses |
|
|
nginx (1.18.0-6ubuntu14.11) jammy-security; urgency=medium
[ Thomas Ward ]
* SECURITY UPDATE: buffer overrun in ngx_http_rewrite_module
(LP: #2152577)
- d/patches/cve-2026-42945.patch: Apply upstream commit/fix
for CVE
- CVE-2026-42945
-- Marc Deslauriers <email address hidden> Thu, 14 May 2026 09:55:52 +0200
|
| Source diff to previous version |
| 2152577 |
CVE-2026-42945: heap-based buffer overflow in ngx_http_rewrite_module (NGINX Rift) |
| CVE-2026-42945 |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is |
|
|
nginx (1.18.0-6ubuntu14.10) jammy-security; urgency=medium
* SECURITY UPDATE: process crash in ngx_mail_auth_http_module
- debian/patches/CVE-2026-27651.patch: fixed clearing s->passwd in auth
http requests in src/mail/ngx_mail_auth_http_module.c.
- CVE-2026-27651
* SECURITY UPDATE: buffer overflow in ngx_http_dav_module module
- debian/patches/CVE-2026-27654.patch: add destination length
validation for COPY and MOVE in
src/http/modules/ngx_http_dav_module.c.
- CVE-2026-27654
* SECURITY UPDATE: buffer overflow in ngx_http_mp4_module module
- debian/patches/CVE-2026-27784.patch: fixed possible integer overflow
on 32-bit platforms in src/http/modules/ngx_http_mp4_module.c.
- CVE-2026-27784
* SECURITY UPDATE: header injection in ngx_mail_smtp_module module
- debian/patches/CVE-2026-28753.patch: add host validation in
src/mail/ngx_mail_smtp_handler.c.
- CVE-2026-28753
* SECURITY UPDATE: buffer overflow in ngx_http_mp4_module module
- debian/patches/CVE-2026-32647.patch: avoid zero size buffers in
output in src/http/modules/ngx_http_mp4_module.c.
- CVE-2026-32647
-- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 08:28:46 -0400
|
| Source diff to previous version |
| CVE-2026-27651 |
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate |
| CVE-2026-27654 |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to |
| CVE-2026-27784 |
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or o |
| CVE-2026-28753 |
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS respon |
| CVE-2026-32647 |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read |
|
|
nginx (1.18.0-6ubuntu14.8) jammy-security; urgency=medium
* SECURITY UPDATE: Proxy server response plain text injection
- debian/patches/CVE-2026-1642.patch: detect premature plain text
response from SSL backend in src/http/ngx_http_upstream.c.
- CVE-2026-1642
-- Marc Deslauriers <email address hidden> Mon, 09 Feb 2026 09:09:38 -0500
|
| Source diff to previous version |
| CVE-2026-1642 |
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a ma |
|
|
nginx (1.18.0-6ubuntu14.7) jammy-security; urgency=medium
* SECURITY UPDATE: data leak in ngx_mail_smtp_module
- debian/patches/CVE-2025-53859.patch: properly check lengths in
src/mail/ngx_mail_handler.c.
- CVE-2025-53859
-- Marc Deslauriers <email address hidden> Fri, 22 Aug 2025 08:46:32 -0400
|
| CVE-2025-53859 |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMT |
|
About
-
Send Feedback to @ubuntu_updates
