Debian Security Advisory
DSA-2802-1 nginx -- restriction bypass
- Date Reported:
- 21 Nov 2013
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 730012.
In Mitre's CVE dictionary: CVE-2013-4547.
- More information:
Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.
The oldstable distribution (squeeze) is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.
For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.
We recommend that you upgrade your nginx packages.