drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in nginx
Name: |
Denial of Service in nginx |
|
ID: |
FEDORA-2013-8182 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 18 |
|
Datum: |
Do, 23. Mai 2013, 16:32 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070 |
|
Applikationen: |
nginx |
|
Originalnachricht |
Name : nginx Product : Fedora 18 Version : 1.2.9 Release : 1.fc18 URL : http://nginx.org/ Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.
------------------------------------------------------------------------------- - Update Information:
Update to upstream release 1.2.9 which fixes: * CVE-2013-2070 "denial of service or memory disclosure when using proxy_pass" fix build on platforms without gperftools Update to upstream release 1.4.0, which includes support for proxying of WebSocket connections, OCSP stapling, SPDY module, gunzip filter and more. Build with "--with-debug" to enable optional debugging ------------------------------------------------------------------------------- - ChangeLog:
* Mon May 13 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.9-1 - update to upstream release 1.2.9 which fixes CVE-2013-2070: "denial of service or memory disclosure when using proxy_pass" (#962525, #962526), which is related to CVE-2013-2028 affecting nginx 1.4.0 * Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.2.8-3 - gperftools exist only on selected arches * Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-2 - enable google perftools module and add gperftools-devel to BR - enable debugging (#956845) - trim changelog * Tue Apr 2 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1 - update to upstream release 1.2.8 * Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2 - make sure nginx directories are not world readable (#913724, #913735) * Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1 - update to upstream release 1.2.7 - add .asc file * Tue Feb 5 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6 - use 'kill' instead of 'systemctl' when rotating log files to workaround SELinux issue (#889151) * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5 - uncomment "include /etc/nginx/conf.d/*.conf by default but leave the conf.d directory empty (#903065) * Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4 - add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf" (#903065) * Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3 - use correct file ownership when rotating log files * Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2 - send correct kill signal and use correct file permissions when rotating log files (#888225) - send correct kill signal in nginx-upgrade * Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1 - update to upstream release 1.2.6 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #962525 - CVE-2013-2070 nginx: denial of service or memory disclosure when using proxy_pass https://bugzilla.redhat.com/show_bug.cgi?id=962525 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update nginx' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|