Hello!
A security problem related to CVE-2013-2028 was identified,
affecting some previous nginx versions if proxy_pass to
untrusted upstream HTTP servers is used.
The problem may lead to a denial of service or a disclosure of a
worker process memory on a specially crafted response from an
upstream proxied server.
The problem affects nginx 1.1.4 - 1.2.8, 1.3.0 - 1.4.0.
The problem is already fixed in nginx 1.5.0, 1.4.1. Version 1.2.9
was released to address the issue in the 1.2.x legacy branch.
Patch for nginx 1.3.9 - 1.4.0 is the same as for CVE-2013-2028:
http://nginx.org/download/patch.2013.chunked.txt
Patch for older nginx versions (1.1.4 - 1.2.8, 1.3.0 - 1.3.8)
can be found here:
http://nginx.org/download/patch.2013.proxy.txt
--
Maxim Dounin
http://nginx.org/en/donation.html
Changes with nginx 1.2.9 13 May 2013
*) Security: contents of worker process memory might be sent to a client
if HTTP backend returned specially crafted response (CVE-2013-2070);
the bug had appeared in 1.1.4.
--
Maxim Dounin
http://nginx.org/en/donation.html
Hello!
Greg MacManus, of iSIGHT Partners Labs, found a security problem
in several recent versions of nginx. A stack-based buffer
overflow might occur in a worker process while handling a
specially crafted request, potentially resulting in arbitrary code
execution (CVE-2013-2028).
The problem affects nginx 1.3.9 - 1.4.0.
The problem is fixed in nginx 1.5.0, 1.4.1.
Patch for the problem can be found here:
http://nginx.org/download/patch.2013.chunked.txt
As a temporary workaround the following configuration
can be used in each server{} block:
if ($http_transfer_encoding ~* chunked) {
return 444;
}
--
Maxim Dounin
http://nginx.org/en/donation.html
Changes with nginx 1.4.1 07 May 2013
*) Security: a stack-based buffer overflow might occur in a worker
process while handling a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2013-2028); the bug had
appeared in 1.3.9.
Thanks to Greg MacManus, iSIGHT Partners Labs.
--
Maxim Dounin
http://nginx.org/en/donation.html
Changes with nginx 1.5.0 07 May 2013
*) Security: a stack-based buffer overflow might occur in a worker
process while handling a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2013-2028); the bug had
appeared in 1.3.9.
Thanks to Greg MacManus, iSIGHT Partners Labs.
--
Maxim Dounin
http://nginx.org/en/donation.html