Maxim Dounin
2014-Mar-18 16:45 UTC
[nginx-ru-announce] nginx security advisory (CVE-2014-0133)
Hello!

A bug was found in the experimental SPDY implementation in nginx, because of which a specially crafted request could in some cases cause a buffer overflow in a worker process, potentially leading to arbitrary code execution (CVE-2014-0133).

The problem affects nginx 1.3.15 - 1.5.11 if it is built with the ngx_http_spdy_module module (not built by default), without the --with-debug option, and the spdy parameter of the listen directive is used in the configuration file.

The problem is fixed in nginx 1.5.12, 1.4.7.

A patch that fixes the problem is available here:

http://nginx.org/download/patch.2014.spdy2.txt

Thanks to Lucas Molas of Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina.

-- 
Maxim Dounin
http://nginx.org/en/donation.html
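An added example, not part of the original advisory or of nginx: a check that evaluates the advisory's four exposure conditions against the output of `nginx -V` and a configuration file's text. It assumes `--with-http_spdy_module` is the configure flag that builds ngx_http_spdy_module; the function names are hypothetical and the sample inputs are constructed.

```python
import re

def _ver(s):
    return tuple(int(p) for p in s.split("."))

def version_affected(version):
    """True for 1.3.15 - 1.5.11, except 1.4.x releases from the fixed 1.4.7 on."""
    v = _ver(version)
    in_range = _ver("1.3.15") <= v <= _ver("1.5.11")
    return in_range and not (v[:2] == (1, 4) and v >= _ver("1.4.7"))

def parse_nginx_v(text):
    """Extract the version and configure flags from `nginx -V` output."""
    ver = re.search(r"nginx version: nginx/(\d+\.\d+\.\d+)", text)
    args = re.search(r"configure arguments:(.*)", text)
    return (ver.group(1) if ver else None,
            args.group(1).split() if args else [])

def listen_uses_spdy(conf):
    """True if any uncommented listen directive carries the spdy parameter."""
    body = re.sub(r"#.*", "", conf)          # naive comment strip
    for stmt in re.split(r"[;{}]", body):    # one directive per chunk
        tok = stmt.split()
        if tok and tok[0] == "listen" and "spdy" in tok[1:]:
            return True
    return False

def assess(nginx_v_output, conf):
    """Evaluate each advisory condition; exposed only if all of them hold."""
    version, flags = parse_nginx_v(nginx_v_output)
    checks = {
        "version_affected": version is not None and version_affected(version),
        "spdy_module_built": "--with-http_spdy_module" in flags,  # assumed flag name
        "built_without_debug": "--with-debug" not in flags,
        "listen_spdy_configured": listen_uses_spdy(conf),
    }
    return dict(checks, exposed=all(checks.values()))

# Constructed sample inputs (not taken from a real host).
SAMPLE_V = """nginx version: nginx/1.5.10
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_spdy_module
"""
SAMPLE_CONF = """
server {
    listen 80;
    listen 443 ssl spdy;
}
"""

print(assess(SAMPLE_V, SAMPLE_CONF))
```

`nginx -V` writes to stderr, so capture it with `nginx -V 2>&1`. Files pulled in with `include` have to be concatenated into the configuration text by the caller.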