[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1024-1] nginx security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : nginx
Version        : 1.2.1-2.2+wheezy4+deb7u1
CVE ID         : CVE-2017-7529
Debian Bug     : #868109

It was discovered that there was vulnerability in the range filter of nginx, a
web/proxy server. A specially crafted request might result in an integer
overflow and incorrect processing of HTTP ranges, potentially resulting in a
sensitive information leak.

For Debian 7 "Wheezy", this issue has been fixed in nginx version
1.2.1-2.2+wheezy4+deb7u1.

We recommend that you upgrade your nginx packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllnK9YACgkQHpU+J9Qx
HliX5A//dPavm2srbLpx/CUhR2fJoy3fOK7+tbVc/5o/fNMCZD2mrHnvBKvxjoDP
6MDpgHdaqwRYh5hX2z5S2JPCLC+7DMT66AN790KOPPiM04Xm2Ob7h27x5wAf+lsM
J31fuEiJmb+ovgyERwVnk5SpWxrfu5YVXaEfyUCbVDQ03LS6Fx/Qnhb9OlVlpRx0
ZD0HISjcHi7oJ8lXEhTEfEs6et3B+lO3MaZKeXdx74N3gqjo1U9sFcfVlxdw0AZ+
l+ofOxwSlLftJ7NyhhpDQmsONaCrwZE9srRtFX8EFuHF3RbKp8iBxOX6Wf2id/W0
KwKuMe6XbqwuFBm7jpbotAnGPIGa5JPoSQuaclMao5e69KvepFr1Z0QtG65tQidh
sTNhuhgA4qZMRxUsobg1szxzc464mzHKpxcVwMTqXxbDCvFBAsBMtO5Djumtkg0G
XDpAI0VQeyjju1aVESNL9kXAmtSGnUiCioo8Y+iJNGXinsljOh5WsK7HMshweCQD
O39EJqS/OTRkHqZRJJeedEdv5OrrZxYHBm/gcmAW5ee68nVuD6mLrwQhdBAXW4tf
hPn91J1++FLrS2wblBPIFyUptk+/hgorFPuBw4rLU0JadA6RWvwAwuvRJUTBD2xZ
w8bPH1RE/7LT/X3ZXcH5O8Hbmu2u81mZ7RIL/URzjG2Snl+uFcI=
=A9Fe
-----END PGP SIGNATURE-----
Reply to: