[arch-security] [nginx] CVE-2014-0133: SPDY heap buffer overflow

Lance Chen cyen0312 at gmail.com
Tue Mar 18 13:07:20 EDT 2014


Hello,

CVE-2014-0133 was announced for Nginx between versions 1.3.15 and 1.5.11.

Solution:
Upgrade [community] nginx to 1.4.7.

Summary (fetched from nginx change log):
CVE-2014-0133
A heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution.

Links:
http://nginx.org/en/CHANGES-1.4
http://nginx.org/en/security_advisories.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133


Lance Chen
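
An added example, not part of the original message: a shell check that classifies `nginx -V` output against the version range and fixed release stated above. The function names and the sample output are constructed for illustration; `--with-http_spdy_module` is the nginx configure flag that builds ngx_http_spdy_module.

```shell
#!/bin/sh
# Added example (not from the original post): classify `nginx -V` output
# against the CVE-2014-0133 range given above (1.3.15 through 1.5.11).

# "1.4.6" -> 1004006, so versions compare as integers.
ver_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# $1: full text of `nginx -V 2>&1` (nginx prints it on stderr).
# Prints one of: unknown, not-affected, fixed, module-not-built, affected.
cve_2014_0133_status() {
    out=$1
    ver=$(printf '%s\n' "$out" |
        sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*|\1|p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    key=$(ver_key "$ver")
    if [ "$key" -lt "$(ver_key 1.3.15)" ] || [ "$key" -gt "$(ver_key 1.5.11)" ]; then
        echo not-affected; return 0
    fi
    # 1.4.7 is the fixed release named in the post; treating any later
    # 1.4.x the same way is an assumption of this example.
    if [ "$key" -ge "$(ver_key 1.4.7)" ] && [ "$key" -lt "$(ver_key 1.5.0)" ]; then
        echo fixed; return 0
    fi
    # ngx_http_spdy_module is only present when nginx was configured
    # with --with-http_spdy_module.
    case $out in
        *--with-http_spdy_module*) echo affected ;;
        *) echo module-not-built ;;
    esac
}

# Constructed sample of `nginx -V` output, not captured from a real host.
SAMPLE_NGINX_V='nginx version: nginx/1.4.6
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_spdy_module'

echo "sample: $(cve_2014_0133_status "$SAMPLE_NGINX_V")"
# On a live host: cve_2014_0133_status "$(nginx -V 2>&1)"
```

The check reads only the reported version string and configure arguments, so a build carrying a backported patch under an unchanged version number would still be reported as affected.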

