Oval Definition:oval:org.mitre.oval:def:13138
Revision Date:2014-06-23Version:20
Title:DSA-1884-1 nginx -- buffer underflow
Description:Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request. For the oldstable distribution, this problem has been fixed in version 0.4.13-2+etch2. For the stable distribution, this problem has been fixed in version 0.6.32-3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.7.61-3. We recommend that you upgrade your nginx packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-2629
DSA-1884-1
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):nginx
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND nginx DPKG is earlier than 0.6.32-3+lenny2
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND nginx DPKG is earlier than 0.4.13-2+etch2
    • BACK