openSUSE Security Update : nginx (openSUSE-SU-2014:0450-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

nginx was updated to 1.4.7 to fix bugs and security issues.

Fixed security issues :

- CVE-2014-0133: nginx: heap-based buffer overflow in SPDY
implementation

New upstream release 1.4.7 (bnc#869076) (CVE-2014-0133)

*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at
Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires,
Argentina.

*) Bugfix: in the 'fastcgi_next_upstream' directive. Thanks
to Lucas Molas.

*) Bugfix: the 'client_max_body_size' directive might not
work when reading a request body using chunked transfer
encoding; the bug had appeared in 1.3.9. Thanks to Lucas
Molas.

*) Bugfix: a segmentation fault might occur in a worker
process when proxying WebSocket connections.

*) Bugfix: the $ssl_session_id variable contained the full
serialized session instead of just the session id. Thanks to
Ivan Ristić.

*) Bugfix: client connections might be immediately closed if
deferred accept was used; the bug had appeared in 1.3.15.

*) Bugfix: alerts 'zero size buf in output' might appear in
logs while proxying; the bug had appeared in 1.3.9.

*) Bugfix: a segmentation fault might occur in a worker
process if the ngx_http_spdy_module was used.

*) Bugfix: proxied WebSocket connections might hang right
after handshake if the select, poll, or /dev/poll methods
were used.

*) Bugfix: a timeout might occur while reading client
request body in an SSL connection using chunked transfer
encoding.

*) Bugfix: memory leak in nginx/Windows.

See also :

http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html
https://bugzilla.novell.com/show_bug.cgi?id=869076

Solution :

Update the affected nginx packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75309

Bugtraq ID:

CVE ID: CVE-2014-0133
