Mandriva Linux Security Advisory 2015-094 - A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution. Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.
a9b0dad5121adee806f8507d31f0378200cad93af903b88a3195c14cd2fca5c6
Gentoo Linux Security Advisory 201406-20 - A vulnerability has been found in nginx which may allow execution of arbitrary code. Versions less than 1.4.7 are affected.
3e519a84a2acdaf4c4485c9b31a5fdcefeaa8e4c356e434dd87d582ec8ce444e