FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- multiple vulnerabilities

Affected packages
1.2.0,1 <= nginx <= 1.2.8,1
1.3.0,1 <= nginx < 1.4.1,1
1.1.4 <= nginx-devel <= 1.2.8
1.3.0 <= nginx-devel < 1.5.0

Details

VuXML ID efaa4071-b700-11e2-b1b9-f0def16c5c1b
Discovery 2013-05-07
Entry 2013-05-07
Modified 2013-05-16

The nginx project reports:

A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. [CVE-2013-2028]

A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxy_pass to untrusted upstream HTTP servers is used.

The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxied server. [CVE-2013-2070]

References

CVE Name CVE-2013-2028
CVE Name CVE-2013-2070
URL http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
URL http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html