DaemonForums  

#1
8th May 2013
J65nko
Administrator
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
NGINX patches major security flaw

From http://h-online.com/-1858438

Quote:
The NGINX developers have released an updated stable version 1.4.1 and development version 1.5.0 to fix a major security flaw in the popular open source web server application. A stack-based buffer overflow is reported to occur in worker processes when handling specially crafted requests – the overflow could be exploited in such a way that it could lead to arbitrary code execution.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#2
9th May 2013
CyberJet
Real Name: Ramon
BSD Student
Join Date: Feb 2009
Location: Miami FL
Posts: 98

Greetings to All!

Would this apply to NGINX 1.2.6 on OBSD as well?

Regards,...
__________________
Speak softly and carry BSD!

#3
9th May 2013
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

"The flaw, now given an identity as CVE-2013-2028, appeared in NGINX 1.3.9, a development branch of the server released in November 2012, and appears to have persisted through development to still be present in April's release of the new stable version. A patch is also available for the flaw, which was found by Greg MacManus of iSIGHT Partners Labs.

The updated versions are available to download from the NGINX site. Given that 1.4.0 has only been available for a few weeks, many sites will likely be running the unaffected older stable branch of NGINX – 1.2 – originally published in April 2012, for which the most recent bug-fix release is version 1.2.8, published at the start of April. This is, however, now deemed a legacy version of NGINX."
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
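
The version range quoted in the post above, turned into a host-side check for CVE-2013-2028 only. This is an added example, not part of the thread or of the nginx project; the function names are illustrative and the sample banners are constructed.

```sh
#!/bin/sh
# Added example: classify an nginx version against the CVE-2013-2028 range
# quoted above (appeared in 1.3.9, still in 1.4.0, fixed in 1.4.1 / 1.5.0).
# Function names are illustrative; components are assumed to be below 1000.

# Turn "nginx version: nginx/1.2.6" or a bare "1.2.6" into one integer.
ver_to_int() {
    v=${1##*/}        # keep what follows the last "/"
    v=${v%% *}        # drop a trailing build note such as " (Ubuntu)"
    case $v in
        *[!0-9.]*|''|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Exit status: 0 = inside the affected range, 1 = outside, 2 = unparseable.
cve_2013_2028_affected() {
    n=$(ver_to_int "$1") || return 2
    first=1003009     # 1.3.9
    last=1004000      # 1.4.0
    [ "$n" -ge "$first" ] && [ "$n" -le "$last" ]
}

# Constructed sample banners in the format printed by `nginx -v`.
for banner in "nginx version: nginx/1.2.6" "nginx version: nginx/1.3.9" \
              "nginx version: nginx/1.4.0" "nginx version: nginx/1.4.1"; do
    if cve_2013_2028_affected "$banner"; then
        echo "$banner -> inside the affected range"
    else
        echo "$banner -> outside the affected range"
    fi
done
```

On a host, pass `"$(nginx -v 2>&1)"` as the argument, since nginx writes its version banner to stderr.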

#4
11th May 2013
CyberJet
Real Name: Ramon
BSD Student
Join Date: Feb 2009
Location: Miami FL
Posts: 98

Thank you rocket357!
__________________
Speak softly and carry BSD!

#5
18th May 2013
shep
Real Name: Scott
Arp Constable
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503

From OpenBSD Patches for 5.3

Quote:
003: RELIABILITY FIX: May 17, 2013 All architectures
A stack-based buffer overflow might occur in an nginx(8) worker process while handling a specially crafted request, potentially resulting in arbitrary code execution. This issue was assigned CVE-2013-2070.
A source code patch exists which remedies this problem.

#6
18th May 2013
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Different CVE. Original post was for CVE-2013-2028.

Edit - Ehh, seems the two are related, but given different CVE #'s. Not sure why the distinction was made, but CVE-2013-2028 is post-1.2.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

#7
23rd May 2013
shep
Real Name: Scott
Arp Constable
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503

More from the OpenBSD Changelog
Quote:
...
Fixed the "right-of-cursor background color is inverted when we do delete-after-cursor" bug on luna88k wscons(4) console.
Preliminary support added for mvme88k MVME180 and MVME181 boards.
nginx(8) security fix for CVE-2013-2028 (see http://mailman.nginx.org/pipermail/n...13/000112.html).
Stopped binutils rejecting "++" and "--" in expressions, as some versions of gcc(1) emit these.
Don't leak usb(4) information to userland in the case where the actual transfer length is smaller than the requested one and the USBD_SHORT_XFER_OK flag is set.
...
http://www.openbsd.org/plus.html