[Bug 430064] [NEW] Security fix in recent release 0.6.39/DSA-1884-1
pwolanin
pwolanin at gmail.com
Tue Sep 15 14:15:13 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: nginx
The release on 2009-09-14 contains a buffer underflow fix. Unpatched
servers may be vulnerable to DoS or arbitrary code execution.
http://nginx.net/CHANGES-0.6
A fix has been applied to Debian packages. Please update the Ubuntu
packages to the latest code, or backport the fix.
--------------------------------------------------------------------------
Debian Security Advisory DSA-1884-1 security at debian.org
http://www.debian.org/security/ Nico Golde
September 14th, 2009 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : nginx
Vulnerability : buffer underflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2629
Chris Ries discovered that nginx, a high-performance HTTP server, reverse
proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when
processing certain HTTP requests. An attacker can use this to execute
arbitrary code with the rights of the worker process (www-data on Debian)
or possibly perform denial of service attacks by repeatedly crashing
worker processes via a specially crafted URL in an HTTP request.
For the oldstable distribution (etch), this problem has been fixed in
version 0.4.13-2+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 0.6.32-3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 0.7.61-3.
** Affects: nginx (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
Security fix in recent release 0.6.39/DSA-1884-1
https://bugs.launchpad.net/bugs/430064
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs