Updating NGINX for Vulnerabilities in the MP4 and HLS Video-Streaming Modules

Today, we are releasing updates to NGINX Plus, NGINX Open Source, NGINX Open Source Subscription, and NGINX Ingress Controller in response to recently discovered vulnerabilities in the NGINX modules for video streaming with the MP4 and Apple HTTP Live Streaming (HLS) formats, ngx_http_mp4_module and ngx_http_hls_module. (NGINX Open Source Subscription is a specially packaged edition of NGINX Open Source available in certain geographies.)

The vulnerabilities have been registered in the Common Vulnerabilities and Exposures (CVE) database and the F5 Security Incident Response Team (SIRT) has assigned scores to them using the Common Vulnerability Scoring System (CVSS v3.1) scale.

The following vulnerabilities in the MP4 module (ngx_http_mp4_module) apply to NGINX Plus, NGINX Open Source, and NGINX Open Source Subscription.

CVE-2022-41741 (Memory Corruption) – CVSS score 7.1 (High)
CVE-2022-41742 (Memory Disclosure) – CVSS score 7.0 (High)