drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafte Zugriffsrechte in nginx
Name: |
Fehlerhafte Zugriffsrechte in nginx |
|
ID: |
FEDORA-2013-2955 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 17 |
|
Datum: |
Di, 5. März 2013, 08:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0337 |
|
Applikationen: |
nginx |
|
Originalnachricht |
Name : nginx Product : Fedora 17 Version : 1.0.15 Release : 9.fc17 URL : http://nginx.org/ Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.
------------------------------------------------------------------------------- - Update Information:
Make sure nginx directories are not world readable ------------------------------------------------------------------------------- - ChangeLog:
* Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-9 - make sure nginx directories are not world readable (#913734, #913735) * Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-8 - use correct file ownership when rotating log files * Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-7 - send correct kill signal and use correct file permissions when rotating log files (#888225) - send correct kill signal in nginx-upgrade * Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-6 - incorrect bug number in changelog * Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-5 - add nginx man page (#870738) - add nginx-upgrade man page and remove README.fedora - link to official documentation instead of the community wiki (#870733) - do not run systemctl try-restart after package upgrade to allow the administrator to run nginx-upgrade and avoid downtime - default.conf: add "default_server" to the "listen" directive (#842738) * Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-4 - add nginx-upgrade to replace functionality from the nginx initscript that was lost after migration to systemd - add README.fedora to describe usage of nginx-upgrade - nginx.logrotate: use built-in systemd kill command in postrotate script - nginx.service: start after syslog.target and network.target - nginx.service: remove unnecessary references to config file location - nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following advice from nginx-devel - nginx.service: use private /tmp * Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.0.15-3 - fix incorrect postrotate script in nginx.logrotate ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #913734 - CVE-2013-0337 nginx: world-readable log files https://bugzilla.redhat.com/show_bug.cgi?id=913734 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update nginx' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|