Login
Newsletter
Werbung

Sicherheit: Denial of Service in nginx
Aktuelle Meldungen Distributionen
Name: Denial of Service in nginx
ID: FEDORA-2013-8182
Distribution: Fedora
Plattformen: Fedora 18
Datum: Do, 23. Mai 2013, 16:32
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070
Applikationen: nginx

Originalnachricht

Name        : nginx
Product : Fedora 18
Version : 1.2.9
Release : 1.fc18
URL : http://nginx.org/
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.

-------------------------------------------------------------------------------
-
Update Information:

Update to upstream release 1.2.9 which fixes:
* CVE-2013-2070 "denial of service or memory disclosure when using
proxy_pass"
fix build on platforms without gperftools
Update to upstream release 1.4.0, which includes support for proxying of
WebSocket connections, OCSP stapling, SPDY module, gunzip filter and more.
Build with "--with-debug" to enable optional debugging
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon May 13 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.9-1
- update to upstream release 1.2.9 which fixes CVE-2013-2070: "denial of
service or memory disclosure when using proxy_pass" (#962525, #962526),
which is related to CVE-2013-2028 affecting nginx 1.4.0
* Sun Apr 28 2013 Dan Horák <dan[at]danny.cz> - 1:1.2.8-3
- gperftools exist only on selected arches
* Fri Apr 26 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-2
- enable google perftools module and add gperftools-devel to BR
- enable debugging (#956845)
- trim changelog
* Tue Apr 2 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.8-1
- update to upstream release 1.2.8
* Fri Feb 22 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-2
- make sure nginx directories are not world readable (#913724, #913735)
* Sat Feb 16 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.7-1
- update to upstream release 1.2.7
- add .asc file
* Tue Feb 5 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-6
- use 'kill' instead of 'systemctl' when rotating log files to
workaround
SELinux issue (#889151)
* Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-5
- uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
conf.d directory empty (#903065)
* Wed Jan 23 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-4
- add comment in nginx.conf regarding "include
/etc/nginf/conf.d/*.conf"
(#903065)
* Wed Dec 19 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-3
- use correct file ownership when rotating log files
* Tue Dec 18 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-2
- send correct kill signal and use correct file permissions when rotating
log files (#888225)
- send correct kill signal in nginx-upgrade
* Tue Dec 11 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 1:1.2.6-1
- update to upstream release 1.2.6
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #962525 - CVE-2013-2070 nginx: denial of service or memory
disclosure when using proxy_pass
https://bugzilla.redhat.com/show_bug.cgi?id=962525
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update nginx' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung