Summary: | www-servers/nginx-1.4.0 is vulnerable to a buffer overflow | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robin Kauffman <robink> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | | |
Severity: | normal | CC: | dev-zero, hollow, ryao |
Priority: | Normal | Keywords: | PATCH, SECURITY |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://nginx.org/download/patch.2013.chunked.txt | | |
Whiteboard: | Ars Technica reports that this is being exploited in the wild | | |
Package list: | | Runtime testing required: | --- |

Description
Robin Kauffman
2013-05-07 23:08:06 UTC
Changes with nginx 1.4.1 07 May 2013

*) Security: a stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028); the bug had appeared in 1.3.9. Thanks to Greg MacManus, iSIGHT Partners Labs.

http://nginx.org/en/CHANGES-1.4

*** This bug has been marked as a duplicate of bug 468870 ***