Maxim Dounin
2014-Mar-04 15:24 UTC
[nginx-ru-announce] nginx security advisory (CVE-2014-0088)
Hello!

A bug was found in the experimental SPDY implementation in nginx 1.5.10 that, in some cases, made it possible to corrupt worker process memory by using a specially crafted request, which could potentially lead to arbitrary code execution (CVE-2014-0088).

The problem affects nginx 1.5.10 on 32-bit platforms if it is built with the ngx_http_spdy_module module (not built by default) and the spdy parameter of the listen directive is used in the configuration file.

The problem is fixed in nginx 1.5.11.

A patch that fixes the problem is available here:

http://nginx.org/download/patch.2014.spdy.txt

Thanks to Lucas Molas of Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina.

--
Maxim Dounin
http://nginx.org/en/donation.html
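A triage check for the three exposure conditions the advisory lists (version 1.5.10, a 32-bit build with the SPDY module, and a listen directive using spdy), as an added example that is not part of the original message or of nginx. The function names and sample inputs are constructed for illustration, and the 32-bit test assumes file(1) output for an ELF binary.

```shell
#!/bin/sh
# Added example: evaluate the advisory's exposure conditions for CVE-2014-0088.
# All function names are hypothetical; sample inputs below are constructed.

# Version is exactly 1.5.10 and the SPDY module is compiled in.
# $1 = output of `nginx -V 2>&1`
build_is_affected() {
    printf '%s\n' "$1" | grep -Eq '^nginx version: nginx/1\.5\.10([^0-9.]|$)' &&
    printf '%s\n' "$1" | grep -q -- '--with-http_spdy_module'
}

# The binary is a 32-bit build (assumption: ELF platform).
# $1 = output of `file -L "$(command -v nginx)"`
binary_is_32bit() {
    printf '%s\n' "$1" | grep -q 'ELF 32-bit'
}

# Some listen directive carries the spdy parameter. Reads configuration text
# on stdin. Comments are stripped and lines joined so a directive split over
# several lines still matches; '#' inside quoted strings is not handled.
config_uses_spdy() {
    sed 's/#.*//' | tr '\n' ' ' |
        grep -Eq '(^|[;{}[:space:]])listen[[:space:]][^;]*[[:space:]]spdy([[:space:]]|;)'
}

# Prints "affected" only when every condition from the advisory holds.
# $1 = nginx -V output, $2 = file(1) output, $3 = configuration text
triage() {
    if build_is_affected "$1" && binary_is_32bit "$2" &&
       printf '%s\n' "$3" | config_uses_spdy; then
        echo "affected"
    else
        echo "not affected"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_V='nginx version: nginx/1.5.10
configure arguments: --with-http_ssl_module --with-http_spdy_module'
SAMPLE_FILE='/usr/sbin/nginx: ELF 32-bit LSB executable, Intel 80386'
SAMPLE_CONF='server {
    listen 443 ssl spdy;   # SPDY enabled on this listener
}'

triage "$SAMPLE_V" "$SAMPLE_FILE" "$SAMPLE_CONF"
```

On a real host, pass the output of `nginx -V 2>&1`, the output of `file -L "$(command -v nginx)"`, and the concatenated contents of nginx.conf and its included files.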