similar to: nginx security advisory (CVE-2013-2028)

Displaying 20 results from an estimated 3000 matches similar to: "nginx security advisory (CVE-2013-2028)"

2013 May 07
0
nginx-1.4.1
éÚÍÅÎÅÎÉÑ × nginx 1.4.1 07.05.2013 *) âÅÚÏÐÁÓÎÏÓÔØ: ÐÒÉ ÏÂÒÁÂÏÔËÅ ÓÐÅÃÉÁÌØÎÏ ÓÏÚÄÁÎÎÏÇÏ ÚÁÐÒÏÓÁ ÍÏÇ ÐÅÒÅÚÁÐÉÓÙ×ÁÔØÓÑ ÓÔÅË ÒÁÂÏÞÅÇÏ ÐÒÏÃÅÓÓÁ, ÞÔÏ ÍÏÇÌÏ ÐÒÉ×ÏÄÉÔØ Ë ×ÙÐÏÌÎÅÎÉÀ ÐÒÏÉÚ×ÏÌØÎÏÇÏ ËÏÄÁ (CVE-2013-2028); ÏÛÉÂËÁ ÐÏÑ×ÉÌÁÓØ × 1.3.9. óÐÁÓÉÂÏ Greg MacManus, iSIGHT Partners Labs. -- Maxim Dounin
2013 May 07
0
nginx-1.5.0
éÚÍÅÎÅÎÉÑ × nginx 1.5.0 07.05.2013 *) âÅÚÏÐÁÓÎÏÓÔØ: ÐÒÉ ÏÂÒÁÂÏÔËÅ ÓÐÅÃÉÁÌØÎÏ ÓÏÚÄÁÎÎÏÇÏ ÚÁÐÒÏÓÁ ÍÏÇ ÐÅÒÅÚÁÐÉÓÙ×ÁÔØÓÑ ÓÔÅË ÒÁÂÏÞÅÇÏ ÐÒÏÃÅÓÓÁ, ÞÔÏ ÍÏÇÌÏ ÐÒÉ×ÏÄÉÔØ Ë ×ÙÐÏÌÎÅÎÉÀ ÐÒÏÉÚ×ÏÌØÎÏÇÏ ËÏÄÁ (CVE-2013-2028); ÏÛÉÂËÁ ÐÏÑ×ÉÌÁÓØ × 1.3.9. óÐÁÓÉÂÏ Greg MacManus, iSIGHT Partners Labs. -- Maxim Dounin
2013 Mar 26
0
nginx-1.3.15
éÚÍÅÎÅÎÉÑ × nginx 1.3.15 26.03.2013 *) éÚÍÅÎÅÎÉÅ: ÏÔËÒÙÔÉÅ É ÚÁËÒÙÔÉÅ ÓÏÅÄÉÎÅÎÉÑ ÂÅÚ ÏÔÐÒÁ×ËÉ × Î£Í ËÁËÉÈ-ÌÉÂÏ ÄÁÎÎÙÈ ÂÏÌØÛÅ ÎÅ ÚÁÐÉÓÙ×ÁÅÔÓÑ × access_log Ó ËÏÄÏÍ ÏÛÉÂËÉ 400. *) äÏÂÁ×ÌÅÎÉÅ: ÍÏÄÕÌØ ngx_http_spdy_module. óÐÁÓÉÂÏ Automattic ÚÁ ÓÐÏÎÓÉÒÏ×ÁÎÉÅ ÒÁÚÒÁÂÏÔËÉ. *) äÏÂÁ×ÌÅÎÉÅ: ÄÉÒÅËÔÉ×Ù limit_req_status É
2012 Nov 27
0
nginx-1.3.9
Changes with nginx 1.3.9 27 Nov 2012 *) Feature: support for chunked transfer encoding while reading client request body. *) Feature: the $request_time and $msec variables can now be used not only in the "log_format" directive. *) Bugfix: cache manager and cache loader processes might not be able to start if more
2010 Jun 07
0
nginx-0.7.40
Changes with nginx 0.7.66 07 Jun 2010 *) Security: now nginx/Windows ignores default file stream name. Thanks to Jose Antonio Vazquez Gonzalez. *) Change: now the charset filter runs before the SSI filter. *) Change: now no message is written in an error log if a variable is not found by $r->variable() method. *) Change:
2010 Apr 01
0
nginx-0.8.35
Changes with nginx 0.8.35 01 Apr 2010 *) Change: now the charset filter runs before the SSI filter. *) Feature: the "chunked_transfer_encoding" directive. *) Bugfix: an "&" character was not escaped when it was copied in arguments part in a rewrite rule. *) Bugfix: nginx might be terminated abnormally while
2011 May 03
0
nginx-1.0.1
Changes with nginx 1.0.1 03 May 2011 *) Change: now the "split_clients" directive uses MurmurHash2 algorithm because of better distribution. Thanks to Oleg Mamontov. *) Change: now long strings starting with zero are not considered as false values. Thanks to Maxim Dounin. *) Change: now nginx uses a
2011 Jul 19
0
nginx-1.0.5
Changes with nginx 1.0.5 19 Jul 2011 *) Change: now default SSL ciphers are "HIGH:!aNULL:!MD5". Thanks to Rob Stradling. *) Feature: the "referer_hash_max_size" and "referer_hash_bucket_size" directives. Thanks to Witold Filipczyk. *) Feature: $uid_reset variable. *) Bugfix: a
2013 Apr 02
0
nginx-1.2.8
Changes with nginx 1.2.8 02 Apr 2013 *) Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. Thanks to Piotr Sikora. *) Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest
2024 May 29
0
nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200)
Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session to cause a worker process crash (CVE-2024-31079, CVE-2024-32760, CVE-2024-35200), worker process memory disclosure on systems with MTU larger than 4096 bytes (CVE-2024-34161), or might have potential other impact (CVE-2024-31079, CVE-2024-32760).
2024 May 29
0
nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200)
Hello! В реализации HTTP/3 в nginx были обнаружены четыре проблемы, которые позволяют атакующему с помощью специально созданной QUIC-сессии вызвать падение рабочего процесса (CVE-2024-31079, CVE-2024-32760, CVE-2024-35200), отправку клиенту части содержимого памяти рабочего процесса на системах с MTU больше 4096 байт (CVE-2024-34161), а также потенциально могут иметь другие последствия
2024 Aug 14
0
nginx security advisory (CVE-2024-7347)
A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash by using a specially crafted mp4 file (CVE-2024-7347). The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the “mp4” directive is used in the configuration file. Further, the attack is only possible if an attacker is
2024 Aug 14
0
nginx security advisory (CVE-2024-7347)
В модуле ngx_http_mp4_module была обнаружена проблема, которая позволяет с помощью специально созданного mp4-файла вызвать падение рабочего процесса (CVE-2024-7347). Проблеме подвержен nginx, если он собран с модулем ngx_http_mp4_module (по умолчанию не собирается) и директива mp4 используется в конфигурационном файле. При этом атака возможна только в случае, если атакующий имеет возможность
2012 Apr 23
0
nginx-1.2.0
éÚÍÅÎÅÎÉÑ × nginx 1.2.0 23.04.2012 *) éÓÐÒÁ×ÌÅÎÉÅ: × ÒÁÂÏÞÅÍ ÐÒÏÃÅÓÓÅ ÍÏÇ ÐÒÏÉÚÏÊÔÉ segmentation fault, ÅÓÌÉ ÉÓÐÏÌØÚÏ×ÁÌÁÓØ ÄÉÒÅËÔÉ×Á try_files; ÏÛÉÂËÁ ÐÏÑ×ÉÌÁÓØ × 1.1.19. *) éÓÐÒÁ×ÌÅÎÉÅ: ÏÔ×ÅÔ ÍÏÇ ÂÙÔØ ÐÅÒÅÄÁÎ ÎÅ ÐÏÌÎÏÓÔØÀ, ÅÓÌÉ ÉÓÐÏÌØÚÏ×ÁÌÏÓØ ÂÏÌØÛÅ IOV_MAX ÂÕÆÅÒÏ×. *) éÓÐÒÁ×ÌÅÎÉÅ: × ÒÁÂÏÔÅ ÐÁÒÁÍÅÔÒÁ crop ÄÉÒÅËÔÉ×Ù
2010 Dec 06
0
nginx-0.9.2
Changes with nginx 0.9.2 06 Dec 2010 *) Feature: the "If-Unmodified-Since" client request header line support. *) Workaround: fallback to accept() syscall if accept4() was not implemented; the issue had appeared in 0.9.0. *) Bugfix: nginx could not be built on Cygwin; the issue had appeared in 0.9.0. *)
2012 Mar 28
0
nginx-1.1.18
éÚÍÅÎÅÎÉÑ × nginx 1.1.18 28.03.2012 *) éÚÍÅÎÅÎÉÅ: ÔÅÐÅÒØ keepalive ÓÏÅÄÉÎÅÎÉÑ ÎÅ ÚÁÐÒÅÝÅÎÙ ÄÌÑ Safari ÐÏ ÕÍÏÌÞÁÎÉÀ. *) äÏÂÁ×ÌÅÎÉÅ: ÐÅÒÅÍÅÎÎÁÑ $connection_requests. *) äÏÂÁ×ÌÅÎÉÅ: ÐÅÒÅÍÅÎÎÙÅ $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd É $tcpinfo_rcv_space. *) äÏÂÁ×ÌÅÎÉÅ: ÄÉÒÅËÔÉ×Á worker_cpu_affinity ÔÅÐÅÒØ ÒÁÂÏÔÁÅÔ ÎÁ
2013 Feb 12
0
nginx-1.2.7
Changes with nginx 1.2.7 12 Feb 2013 *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Feature: the "geo" directive now supports IPv6 addresses in CIDR
2012 Apr 12
0
nginx-1.0.15
Changes with nginx 1.0.15 12 Apr 2012 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: in the ngx_http_mp4_module. Maxim Dounin
2012 Dec 25
0
nginx-1.3.10
Changes with nginx 1.3.10 25 Dec 2012 *) Change: domain names specified in configuration file are now resolved to IPv6 addresses as well as IPv4 ones. *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header"
2012 Jan 30
0
nginx-1.1.14
Changes with nginx 1.1.14 30 Jan 2012 *) Feature: multiple "limit_req" limits may be used simultaneously. *) Bugfix: in error handling while connecting to a backend. Thanks to Piotr Sikora. *) Bugfix: in AIO error handling on FreeBSD. *) Bugfix: in the OpenSSL library initialization. *) Bugfix: the