[arch-security] [nginx] CVE-2014-0133: SPDY heap buffer overflow

18 Mar 2014

      Hello,

CVE-2014-0133 was announced for Nginx between version 1.3.15 and 1.5.11.

Solution:
Upgrade [community] nginx to 1.4.7.

Summary (fetched from nginx change log):
CVE-2014-0133
A heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution.

Links:
http://nginx.org/en/CHANGES-1.4
http://nginx.org/en/security_advisories.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133

Lance Chen