[arch-security] [nginx] CVE-2014-0133: SPDY heap buffer overflow
Hello,

CVE-2014-0133 was announced for Nginx between versions 1.3.15 and 1.5.11.

Solution: Upgrade [community] nginx to 1.4.7.

Summary (fetched from nginx change log):

CVE-2014-0133
A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution.

Links:
http://nginx.org/en/CHANGES-1.4
http://nginx.org/en/security_advisories.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133

Lance Chen
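An added example (not part of the original message, nor code from nginx or Arch): a shell check that classifies `nginx -V` output against the range quoted above. It assumes the SPDY module shows up as `--with-http_spdy_module` in the configure arguments and treats 1.4.x from 1.4.7 onward as fixed, per the solution line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2014-0133 from `nginx -V` output.
# Usage on a live host: check_cve_2014_0133 "$(nginx -V 2>&1)"
# (nginx -V writes to stderr, hence the redirect).

# ver_to_int MAJOR.MINOR.PATCH -> comparable integer, e.g. 1.4.7 -> 1004007.
# The function body is a subshell, so the IFS change does not leak.
ver_to_int() (
    IFS=.
    set -- $1
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
)

# Prints one of: affected | not-affected | no-spdy | unknown
check_cve_2014_0133() {
    out=$1
    ver=$(printf '%s\n' "$out" |
        sed -n 's|^nginx version: nginx/\([0-9]*\.[0-9]*\.[0-9]*\).*|\1|p' |
        head -n 1)
    [ -n "$ver" ] || { echo unknown; return; }

    # The overflow is in ngx_http_spdy_module; a build without it is not exposed.
    case $out in
        *--with-http_spdy_module*) ;;
        *) echo no-spdy; return ;;
    esac

    v=$(ver_to_int "$ver")
    if [ "$v" -lt "$(ver_to_int 1.3.15)" ] || [ "$v" -gt "$(ver_to_int 1.5.11)" ]; then
        echo not-affected; return
    fi
    # 1.4.7 sits numerically inside 1.3.15..1.5.11 but carries the fix,
    # so a plain range comparison would flag the patched stable release.
    if [ "$v" -ge "$(ver_to_int 1.4.7)" ] && [ "$v" -lt "$(ver_to_int 1.5.0)" ]; then
        echo not-affected; return
    fi
    echo affected
}
```

A `no-spdy` result only says the module was not compiled into that binary; a build that has it is exposed only where the `spdy` option is used on a `listen` directive, which this check does not inspect.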
Great work, Lance. Please add this entry to the Documented Resolved CVE-2014 table. https://wiki.archlinux.org/index.php/CVE-2014#Documented_Resolved_CVE.27s
Hello Billy, Thanks for the reminder. I've added an entry. However, I'm not so sure about what to put into the column Update/Bug and Time Vulnerable. Would you please check it out? Lance Chen
Hi Lance. You raise good questions, ones that I myself have as well. I'm going to start a draft regarding some of these issues and request feedback. The method for determining those columns needs to be clearly documented on the wiki. BW
participants (2)
- Billy McCann
- Lance Chen