nginx: Multiple vulnerabilities — GLSA 201203-22

Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.

Affected packages

www-servers/nginx on all architectures
Affected versions < 1.0.14
Unaffected versions >= 1.0.14

Background

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Description

Multiple vulnerabilities have been found in nginx:

  • The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
  • The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
  • nginx does not properly sanitize user input for the the WebDAV COPY or MOVE methods (CVE-2009-3898).
  • The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
  • nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All nginx users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"
 

References

Release date
March 28, 2012

Latest revision
March 28, 2012: 1

Severity
high

Exploitable
remote

Bugzilla entries