diff options
author | nginx <nginx@nginx.org> | 2013-05-13 11:30:14 +0000 |
---|---|---|
committer | Jon Kolb <jon@b0g.us> | 2013-05-13 11:30:14 +0000 |
commit | a1b66faf4aa5bff110cac0f93bbb77abb78658b2 (patch) | |
tree | 210d3bcb5c0e4dffd3666fc69b2084ca2faf045a | |
parent | 3f85d9c48a5764419dcfd4a8903167ba6180c1aa (diff) | |
download | nginx-a1b66faf4aa5bff110cac0f93bbb77abb78658b2.tar.gz |
*) Security: contents of worker process memory might be sent to a client
if HTTP backend returned specially crafted response (CVE-2013-2070);
the bug had appeared in 1.1.4.
-rw-r--r-- | CHANGES | 7 | ||||
-rw-r--r-- | CHANGES.ru | 7 | ||||
-rw-r--r-- | src/core/nginx.h | 4 | ||||
-rw-r--r-- | src/http/modules/ngx_http_proxy_module.c | 4 | ||||
-rw-r--r-- | src/http/modules/perl/nginx.pm | 2 |
5 files changed, 21 insertions, 3 deletions
@@ -1,4 +1,11 @@ +Changes with nginx 1.2.9 13 May 2013 + + *) Security: contents of worker process memory might be sent to a client + if HTTP backend returned specially crafted response (CVE-2013-2070); + the bug had appeared in 1.1.4. + + Changes with nginx 1.2.8 02 Apr 2013 *) Bugfix: new sessions were not always stored if the "ssl_session_cache diff --git a/CHANGES.ru b/CHANGES.ru index 9d3187fe2..33490f76d 100644 --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,11 @@ +Изменения в nginx 1.2.9 13.05.2013 + + *) Безопасность: содержимое памяти рабочего процесса могло быть + отправлено клиенту, если HTTP-бэкенд возвращал специально созданный + ответ (CVE-2013-2070); ошибка появилась в 1.1.4. + + Изменения в nginx 1.2.8 02.04.2013 *) Исправление: при использовании директивы "ssl_session_cache shared" diff --git a/src/core/nginx.h b/src/core/nginx.h index a14187fe6..3d6e756f2 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1002008 -#define NGINX_VERSION "1.2.8" +#define nginx_version 1002009 +#define NGINX_VERSION "1.2.9" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c index 977bed73c..0566213db 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -1865,6 +1865,10 @@ data: } + if (ctx->size < 0 || ctx->length < 0) { + goto invalid; + } + return rc; done: diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm index 27a6f55a4..32684feac 100644 --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -50,7 +50,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '1.2.8'; +our $VERSION = '1.2.9'; require XSLoader; XSLoader::load('nginx', $VERSION); |