buffer overflow CVE-2011-4315
luky-37 at hotmail.com
Thu Apr 12 22:20:19 UTC 2012
You are running a release which dates back to December 2010. The last relase in the 0.8 train is from July 2011, while CVE-2011-4315 was fixed in November 2011. You can assume your version is vulnerable.
If you can't upgrade to current stable you will need to backport the bugfix to 0.8.
CVE-2011-4315 is missing on the nginx security advisories on nginx.org, can someone add it?
> Date: Fri, 13 Apr 2012 00:11:23 +0200
> From: lists at ruby-forum.com
> To: nginx at nginx.org
> Subject: buffer overflow CVE-2011-4315
> we are running nginx 0.8.54, I'm trying to pass PCI compliance testing
> they say this is vulnerable to a buffer overflow.
> however when i try and find out if it is i can't seem to find out.
> these links don't show that my version has this flaw.
> i'm hoping there is a link to show that this version is safe.
> Posted via http://www.ruby-forum.com/.
> nginx mailing list
> nginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx