openSUSE Security Update : nginx (openSUSE-SU-2014:0450-1)
Medium Nessus Plugin ID 75309
SynopsisThe remote openSUSE host is missing a security update.
Descriptionnginx was updated to 1.4.7 to fix bugs and security issues.
Fixed security issues :
- CVE-2014-0133: nginx:heap-based buffer overflow in SPDY implementation
New upstream release 1.4.7 (bnc#869076) (CVE-2014-0133)
*) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the 'fastcgi_next_upstream' directive. Thanks to Lucas Molas.
*) Bugfix: the 'client_max_body_size' directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections.
*) Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Ristić.
*) Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts 'zero size buf in output' might appear in logs while proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding.
*) Bugfix: memory leak in nginx/Windows.
SolutionUpdate the affected nginx packages.