*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: nginx

The release on 2009-09-14 contains a buffer underflow fix. Unpatched servers may be vulnerable to DoS or arbitrary code execution.

http://nginx.net/CHANGES-0.6

A fix has been applied to Debian packages. Please update the Ubuntu packages to the latest code, or backport the fix.

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1884-1                    secur...@debian.org
http://www.debian.org/security/                                 Nico Golde
September 14th, 2009                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : nginx
Vulnerability  : buffer underflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-2629

Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.

For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2.

For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3.

** Affects: nginx (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

--
Security fix in recent release 0.6.39/DSA-1884-1
https://bugs.launchpad.net/bugs/430064