GLSA-201406-20 : nginx: Arbitrary code execution
Medium Nessus Plugin ID 76179
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201406-20 (nginx: Arbitrary code execution).
A bug in the SPDY implementation in nginx was found which might cause a heap memory buffer overflow in a worker process by using a specially crafted request. The SPDY implementation is not enabled in default configurations.
A remote attacker could cause execution of arbitrary code by using a specially crafted request.
As a workaround, disable the spdy module in NGINX_MODULES_HTTP.
Solution
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/nginx-1.4.7'