A vulnerability has been found in nginx which may allow execution of arbitrary code.
|Package||www-servers/nginx on all architectures|
|Affected versions||< 1.4.7|
|Unaffected versions||>= 1.4.7|
nginx is a robust, small, and high performance HTTP and reverse proxy server.
A bug in the SPDY implementation in nginx was found which might cause a heap memory buffer overflow in a worker process by using a specially crafted request. The SPDY implementation is not enabled in default configurations.
A remote attacker could cause execution of arbitrary code by using a specially crafted request.
Disable the spdy module in NGINX_MODULES_HTTP.
All nginx users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"
June 22, 2014
June 22, 2014: 1