buffer overflow CVE-2011-4315

Andrew Alexeev andrew at nginx.com
Fri Apr 13 10:15:52 UTC 2012


On Apr 13, 2012, at 2:20 AM, Lukas Tribus wrote:

> You are running a release which dates back to December 2010. The last relase in the 0.8 train is from July 2011, while CVE-2011-4315 was fixed in November 2011. You can assume your version is vulnerable.
> 
> If you can't upgrade to current stable you will need to backport the bugfix to 0.8.
> 
> 
> CVE-2011-4315 is missing on the nginx security advisories on nginx.org, can someone add it?

Thanks for spotting it's missing, we'll add it.

> BR,
> 
> Lukas
> 
> 
> 
> > Date: Fri, 13 Apr 2012 00:11:23 +0200
> > From: lists at ruby-forum.com
> > To: nginx at nginx.org
> > Subject: buffer overflow CVE-2011-4315
> > 
> > we are running nginx 0.8.54, I'm trying to pass PCI compliance testing
> > they say this is vulnerable to a buffer overflow.
> > 
> > however when i try and find out if it is i can't seem to find out.
> > 
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4315
> > 
> > http://www.securityfocus.com/bid/50710
> > 
> > these links don't show that my version has this flaw.
> > 
> > i'm hoping there is a link to show that this version is safe.
> > 
> > Thanks
> > 
> > Stephen
> > 
> > -- 
> > Posted via http://www.ruby-forum.com/.
> > 
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120413/f480053d/attachment.html>


More information about the nginx mailing list