thr3ads.net - nginx ru announce - [nginx-ru-announce] nginx security advisory (CVE-2013-2070) [May 2013]

If this information is useful, please help other people find it:
Share via:

Maxim Dounin

2013-May-13 11:33 UTC

[nginx-ru-announce] nginx security advisory (CVE-2013-2070)

Hello!

âÙÌÁ ÏÂÎÁÒÕÖÅÎÁ Ó×ÑÚÁÎÎÁÑ Ó CVE-2013-2028 ÐÒÏÂÌÅÍÁ ÂÅÚÏÐÁÓÎÏÓÔÉ,
ÚÁÔÒÁÇÉ×ÁÀÝÁÑ ÎÅËÏÔÏÒÙÅ ÐÒÅÄÙÄÕÝÉÅ ×ÅÒÓÉÉ nginx ÐÒÉ ÉÓÐÏÌØÚÏ×ÁÎÉÉ
proxy_pass Ë ÎÅÄÏ×ÅÒÅÎÎÙÍ HTTP-ÓÅÒ×ÅÒÁÍ.

ðÒÏÂÌÅÍÁ ÍÏÖÅÔ ÐÒÉ×ÏÄÉÔØ Ë ÏÔËÁÚÕ × ÏÂÓÌÕÖÉ×ÁÎÉÉ ÉÌÉ Ë ÏÔÐÒÁ×ËÅ ËÌÉÅÎÔÕ
ÓÏÄÅÒÖÉÍÏÇÏ ÐÁÍÑÔÉ ÒÁÂÏÞÅÇÏ ÐÒÏÃÅÓÓÁ, ÅÓÌÉ ÂÜËÅÎÄ ×ÅÒÎ£Ô ÓÐÅÃÉÁÌØÎÏ
ÓÏÚÄÁÎÎÙÊ ÏÔ×ÅÔ.

ðÒÏÂÌÅÍÅ ÐÏÄ×ÅÒÖÅÎÙ ×ÅÒÓÉÉ nginx 1.1.4 - 1.2.8, 1.3.0 - 1.4.0.

ðÒÏÂÌÅÍÁ ÕÖÅ ÉÓÐÒÁ×ÌÅÎÁ × nginx 1.5.0, 1.4.1.  äÌÑ ÉÓÐÒÁ×ÌÅÎÉÑ ÐÒÏÂÌÅÍÙ
× ÕÓÔÁÒÅ×ÛÅÊ ×ÅÔËÅ 1.2.x ×ÙÐÕÝÅÎÁ ×ÅÒÓÉÑ 1.2.9.

ðÁÔÞ ÄÌÑ nginx 1.3.9 - 1.4.0 ÔÏÔ ÖÅ, ÞÔÏ É ÄÌÑ CVE-2013-2028:

http://nginx.org/download/patch.2013.chunked.txt

ðÁÔÞ ÄÌÑ ÂÏÌÅÅ ÓÔÁÒÙÈ ×ÅÒÓÉÊ nginx (1.1.4 - 1.2.8, 1.3.0 - 1.3.8):

http://nginx.org/download/patch.2013.proxy.txt


-- 
Maxim Dounin
http://nginx.org/en/donation.html

nginx ru announce - May 2013 - nginx security advisory (CVE-2013-2070)

[nginx-ru-announce] nginx security advisory (CVE-2013-2070)