Debian Security Advisory 2721-1

Debian Security Advisory 2721-1: Posted Jul 8, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2721-1 - A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker process memory, or possibly execute arbitrary code.; tags | advisory, web, denial of service, overflow, arbitrary; systems | linux, debian; advisories | CVE-2013-2070; SHA-256 | 6e99ad6cc32808c72aea2fdc8a60c3b1e83edc6d3f8b8b8a6b9b122cd944919c; Download | Favorite | View

Debian Security Advisory 2721-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2721-1                   security@debian.org
http://www.debian.org/security/                                Nico Golde
July 07, 2013                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nginx
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2070
Debian Bug     : 708164

A buffer overflow has been identified in nginx, a small, powerful,
scalable web/proxy server, when processing certain chunked transfer
encoding requests if proxy_pass to untrusted upstream HTTP servers is
used.  An attacker may use this flaw to perform denial of service
attacks, disclose worker process memory, or possibly execute arbitrary
code.

The oldstable distribution (squeeze), is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in
version 1.2.1-2.2+wheezy1.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.1-1.

We recommend that you upgrade your nginx packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJR2ZOuAAoJEM1LKvOgoKqqTjsQAMKVFfBMx5Xu6XB6jXXM+2CL
+m0TyjQp9oKTlTkZpE18fbQviCVk+A1jZZbHdEZlJnEdy0XvXvJpaN6DiNi10IVi
kRQkMBtusXI7Bshh4Z/xWh6on9s//06mQzQzymnMQfcKDcg91Z159xPYi86mlxH5
dnf9/XirRwCokM5PI8duw1YJg2aMUpr5wYi14LVpC93ic5UoL3olwtbWcIAJy6VP
auORGQLFTUCljpyEtZXku8mD168RnSubP6FZGRfar3JvywBX4MgK/+KnGXuZKZ6H
MNDgVrb8hrkzQJQWvycZjhYUhurqSkR17VgJnwiyHxOxP9Sw6adWoH5aRGwoklhH
0d48CMlunJFvYtFEY8rQqiXBLAyZ09CnrEwgQa3hlugGWkRPVxnKmaghOwXZNXez
o8RjCYEOdD2BppUc8RJZYz3UYq+WdVKv499HcgKGscol9aJ8XCYoq/G67697EaPF
NUFaL3ApZ7rGiuUsx82FujIRs2rjuvQTe9Wiz2jRh0/BjuKarL/TG3r3SVD5/nDX
6j4ngF8eFDmf2ZfxQM1/Ug2ReO+gglnVZyYy4Kn/fxTTwFMLvznR+2lygAJQs/aM
CsRN7KQhDdL1FgELvapLYyfcweeq41NJGwIvD7y3O7JKAlO44IO3XcvdAOHWLY2f
8xcpghy474tAclbQPQUi
=4eCV
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 183 files
Ubuntu 59 files
Debian 20 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Google Security Research 6 files
E1.Coders 4 files
Ersin Erenler 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,007)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,166)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,428)
UNIX (9,390)
UnixWare (187)
Windows (6,647)
Other

Debian Security Advisory 2721-1

Debian Security Advisory 2721-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2721-1

Share This

Debian Security Advisory 2721-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems