Mageia alert MGASA-2013-0160 (nginx) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0160: Updated nginx package fixes
 security vulnerability 
Date:
    	       Thu, 6 Jun 2013 21:23:53 +0200
Message-ID:
    	       <20130606192353.2D6E54B5DF@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0160 - Updated nginx package fixes security vulnerability

Publication date: 06 Jun 2013
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-2070

Description:
A security problem related to CVE-2013-2028 was identified, affecting some
previous nginx versions if proxy_pass to untrusted upstream HTTP servers is
used.  The problem may lead to a denial of service or a disclosure of a
worker process memory on a specially crafted response from an upstream
proxied server (CVE-2013-2070).

References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070

- http://mailman.nginx.org/pipermail/nginx-announce/2013/00...
- http://nginx.org/en/CHANGES-1.2

- http://lists.fedoraproject.org/pipermail/package-announce...

SRPMS:
- 3/core/nginx-1.2.9-1.1.mga3
(Log in to post comments)