Mandriva Linux Security Advisory 2015-094 - A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution. Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.
a9b0dad5121adee806f8507d31f0378200cad93af903b88a3195c14cd2fca5c6
Gentoo Linux Security Advisory 201502-6 - An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information. Versions prior to 1.7.6 are affected.
29faa459c2b40ea3986840cd0476717e4e2d52fb4e0c7250621ba4aad858db0c
Debian Linux Security Advisory 3029-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.
686cb84de4ba244efd0ea0a859ce45d3415fd2e9a99661b6e0d82901f605addd
Ubuntu Security Notice 2351-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host.
02a8e09de555bdb912d184f6c0aefad2a80152bc1062161322d7a1666becefaa