Bug 389319 (CVE-2011-4315) - <www-servers/nginx-1.0.10: heap overflow in ngx_resolver_copy() (CVE-2011-4315)
Summary: <www-servers/nginx-1.0.10: heap overflow in ngx_resolver_copy() (CVE-2011-4315)
Status: RESOLVED FIXED
Alias: CVE-2011-4315
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://trac.nginx.org/nginx/changeset...
Whiteboard: B1 [glsa]
Reported: 2011-11-02 13:07 UTC by Agostino Sarubbo
Modified: 2012-03-28 10:59 UTC
Description Agostino Sarubbo gentoo-dev 2011-11-02 13:07:17 UTC
$summary
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2011-11-17 12:06:11 UTC
A heap overflow was found. I don't have further details, but please provide an updated ebuild; it's a remotely exploitable bug.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2011-11-17 12:07:56 UTC
re-adding hollow
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2011-11-17 12:18:02 UTC
Source: https://twitter.com/#!/benhawkes/status/137054642403147776
Comment 4 Benedikt Böhm (RETIRED) gentoo-dev 2011-11-20 06:49:42 UTC
1.0.10/1.1.8 in cvs now
Comment 5 Agostino Sarubbo gentoo-dev 2011-11-20 10:01:53 UTC
(In reply to comment #4)
> 1.0.10/1.1.8 in cvs now

Thanks hollow.

Arches, please test and mark stable:
=www-servers/nginx-1.0.10
Target keywords : "amd64 x86"
Comment 6 Agostino Sarubbo gentoo-dev 2011-11-20 10:02:21 UTC
Fine for me on both arches.
Comment 7 Michael Harrison 2011-11-22 09:53:32 UTC
amd64 ok; compilation, startup, and nginx -t tests all good
Comment 8 Michael Harrison 2011-11-22 10:00:03 UTC
forgot to make note that USE="passenger" returned
 * Passenger support has been removed from the nginx ebuild to
 * get rid of file collisions, its broken build system and
 * incompatibilities between passenger 2 and 3.
 *
 * Please switch to passenger-3 standalone or use the
 * unicorn gem which provides a sane nginx-like architecture
 * out of the box.

switched to passenger-3 and all went fine as stated above.
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-22 16:11:46 UTC
x86 stable
Comment 10 Tony Vroon (RETIRED) gentoo-dev 2011-11-22 16:31:53 UTC
+  22 Nov 2011; Tony Vroon <chainsaw@gentoo.org> nginx-1.0.10.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo &
+  Michael "n0idx80" Harrison in security bug #389319.

Security, that's stable keywording complete for all arches.
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-11-22 16:39:50 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-12-12 23:59:17 UTC
CVE-2011-4315 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315):
  Heap-based buffer overflow in compression-pointer processing in
  core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause
  a denial of service (daemon crash) or possibly have unspecified other impact
  via a long response.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-03-28 10:59:47 UTC
This issue was resolved and addressed in
 GLSA 201203-22 at http://security.gentoo.org/glsa/glsa-201203-22.xml
by GLSA coordinator Sean Amoss (ackle).