| Summary: | <www-servers/nginx-{0.7.62, 0.6.39, 0.5.38} Request URI Buffer Underflow (CVE-2009-2629) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Mike Limansky <limanski> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | VERIFIED FIXED | | |
| Severity: | critical | CC: | richy.od.ua, voxus |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.kb.cert.org/vuls/id/180065 | | |
| Whiteboard: | A1 [glsa] | | |
Description
Mike Limansky
2009-09-16 07:19:52 UTC
Already in the works.

Created attachment 204299
build.log

(In reply to comment #2)
> Created an attachment (id=204299)
> build.log

Sorry, I uploaded an attachment for another bug. Please delete it.

(In reply to comment #1)
> Already in the works.

Why invalid? If it is a duplicate, it should be marked as a duplicate. I searched for the bug for this issue before raising this bug and didn't find it.

(In reply to comment #4)
> Why invalid? If it is a duplicate, it should be marked as a duplicate. I searched for
> the bug for this issue before raising this bug and didn't find it.

You couldn't have found it. And I can't dupe it at the moment. Street magic...

CVE-2009-2629 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2629):
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

Using this bug as public reference.

amd64, please stabilize immediately:
=www-servers/nginx-0.5.38
=www-servers/nginx-0.6.39
=www-servers/nginx-0.7.62

*** Bug 283802 has been marked as a duplicate of this bug. ***

amd64 stable.

GLSA 200909-18, thanks everyone!