Security Information / 2013 / Security Information -- DSA-2802-1 nginx

Debian Security Advisory

DSA-2802-1 nginx -- restriction bypass

Date Reported:

21 Nov 2013

Affected Packages:

nginx

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 730012.
In Mitre's CVE dictionary: CVE-2013-4547.

More information:

Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2.

For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1.

We recommend that you upgrade your nginx packages.