openSUSE Security Update : nginx (openSUSE-SU-2013:1015-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This version update for nginx to 1.2.9 includes a security fix and
several bugfixes and feature enhancements. (bnc#821184)

*) Security: contents of worker process memory might be sent to a
client if HTTP backend returned specially crafted response
(CVE-2013-2070); the bug had appeared in 1.1.4.

- changes with 1.2.8 :

*) Bugfix: new sessions were not always stored if the
'ssl_session_cache shared' directive was used and there
was no free space in shared memory.

*) Bugfix: responses might hang if subrequests were used
and a DNS error happened during subrequest processing.

*) Bugfix: in the ngx_http_mp4_module.

*) Bugfix: in backend usage accounting.

- changes with nginx 1.2.7

*) Change: now if the 'include' directive with mask is
used on Unix systems, included files are sorted in
alphabetical order.

*) Change: the 'add_header' directive adds headers to
201 responses.

*) Feature: the 'geo' directive now supports IPv6
addresses in CIDR notation.

*) Feature: the 'flush' and 'gzip' parameters of the
'access_log' directive.

*) Feature: variables support in the 'auth_basic'
directive.

*) Feature: the $pipe, $request_length, $time_iso8601,
and $time_local variables can now be used not only in
the 'log_format' directive.

*) Feature: IPv6 support in the ngx_http_geoip_module.

*) Bugfix: nginx could not be built with the
ngx_http_perl_module in some cases.

*) Bugfix: a segmentation fault might occur in a worker
process if the ngx_http_xslt_module was used.

*) Bugfix: nginx could not be built on MacOSX in some
cases.

*) Bugfix: the 'limit_rate' directive with high rates
might result in truncated responses on 32-bit platforms.

*) Bugfix: a segmentation fault might occur in a worker
process if the 'if' directive was used.

*) Bugfix: a '100 Continue' response was issued with
'413 Request Entity Too Large' responses.

*) Bugfix: the 'image_filter',
'image_filter_jpeg_quality' and 'image_filter_sharpen'
directives might be inherited incorrectly.

*) Bugfix: 'crypt_r() failed' errors might appear if the
'auth_basic' directive was used on Linux.

*) Bugfix: in backup servers handling.

*) Bugfix: proxied HEAD requests might return incorrect
response if the 'gzip' directive was used.

*) Bugfix: a segmentation fault occurred on start or
during reconfiguration if the 'keepalive' directive was
specified more than once in a single upstream block.

*) Bugfix: in the 'proxy_method' directive.

*) Bugfix: a segmentation fault might occur in a worker
process if resolver was used with the poll method.

*) Bugfix: nginx might hog CPU during SSL handshake with
a backend if the select, poll, or /dev/poll methods were
used.

*) Bugfix: the '[crit] SSL_write() failed (SSL:)' error.

*) Bugfix: in the 'fastcgi_keep_conn' directive.

See also :

http://lists.opensuse.org/opensuse-updates/2013-06/msg00145.html
https://bugzilla.novell.com/show_bug.cgi?id=821184

Solution :

Update the affected nginx packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75025 ()

Bugtraq ID:

CVE ID: CVE-2013-2070

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now