Sicherheit: Fehlerhafte Zugriffsrechte in nginx - Pro-Linux

Name        : nginx
Product     : Fedora 17
Version     : 1.0.15
Release     : 9.fc17
URL         : http://nginx.org/
Summary     : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.

-------------------------------------------------------------------------------
-
Update Information:

Make sure nginx directories are not world readable
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> -
 1:1.0.15-9
- make sure nginx directories are not world readable (#913734, #913735)
* Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> -
 1:1.0.15-8
- use correct file ownership when rotating log files
* Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> -
 1:1.0.15-7
- send correct kill signal and use correct file permissions when rotating
  log files (#888225)
- send correct kill signal in nginx-upgrade
* Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> -
 1:1.0.15-6
- incorrect bug number in changelog
* Sun Oct 28 2012 Jamie Nguyen <jamielinux@fedoraproject.org> -
 1:1.0.15-5
- add nginx man page (#870738)
- add nginx-upgrade man page and remove README.fedora
- link to official documentation instead of the community wiki (#870733)
- do not run systemctl try-restart after package upgrade to allow the
  administrator to run nginx-upgrade and avoid downtime
- default.conf: add "default_server" to the "listen" directive
 (#842738)
* Wed May 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> -
 1:1.0.15-4
- add nginx-upgrade to replace functionality from the nginx initscript
  that was lost after migration to systemd
- add README.fedora to describe usage of nginx-upgrade
- nginx.logrotate: use built-in systemd kill command in postrotate script
- nginx.service: start after syslog.target and network.target
- nginx.service: remove unnecessary references to config file location
- nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s"
 following
  advice from nginx-devel
- nginx.service: use private /tmp
* Mon May 14 2012 Jamie Nguyen <jamielinux@fedoraproject.org> -
 1:1.0.15-3
- fix incorrect postrotate script in nginx.logrotate
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #913734 - CVE-2013-0337 nginx: world-readable log files
        https://bugzilla.redhat.com/show_bug.cgi?id=913734
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update nginx' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce