Advisories » MGASA-2014-0136

Updated nginx package fixes security vulnerability

Publication date: 19 Mar 2014
Modification date: 19 Mar 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-0133

Description

A bug in the experimental SPDY implementation in nginx was found, which
might allow an attacker to cause a heap memory buffer overflow in a
worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13044
• http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html
• http://nginx.org/en/CHANGES-1.4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133

SRPMS

4/core

• nginx-1.4.7-1.mga4