Atomic Secure Linux
All times are UTC - 5 hours [ DST ]
 Post subject: nginx
Posted: Fri Mar 16, 2012 12:07 pm
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 148
FYI:

__

http://nginx.org/en/CHANGES-1.0

Changes with nginx 1.0.14 15 Mar 2012

Security: content of previously freed memory might be sent to a client if backend returned specially crafted response. Thanks to Matthew Daley.

__

in regards to the repo .12 package.

Thanks.


 Post subject: Re: nginx
Posted: Fri Mar 16, 2012 2:48 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7901
Location: earth
Another one huh. Thanks for the report!


 Post subject: Re: nginx
Posted: Tue Mar 20, 2012 4:00 pm
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 148
Thanks for the quick update.


 Post subject: Re: nginx
Posted: Fri Apr 13, 2012 11:29 am
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 148
FYI, another one:

__

A vulnerability has been reported in nginx, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the ngx_http_mp4_module module when parsing certain atoms and can be exploited to cause a buffer overflow via a specially crafted MP4 file placed on the server.

Successful exploitation may allow execution of arbitrary code but requires that ngx_http_mp4_module module is enabled and the "mp4" directive is configured.

The vulnerability is reported in versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14.

Solution
Update to version 1.1.19 or 1.0.15.

__
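The advisory quoted in the post above names three conditions: an affected version, the mp4 module being built in, and the `mp4` directive being configured. The following check is an added example, not part of the thread and not Atomicorp's or nginx's own code. It assumes you feed it the text printed by `nginx -V` and the concatenated contents of your nginx configuration files; the function names, result labels and sample inputs are constructed for illustration.

```python
import re

# Affected ranges from the advisory quoted above (inclusive on both ends).
AFFECTED = [((1, 1, 3), (1, 1, 18)), ((1, 0, 7), (1, 0, 14))]

def parse_version(nginx_v_output):
    """Pull (major, minor, patch) out of `nginx -V` output."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", nginx_v_output)
    if not m:
        raise ValueError("no nginx version string found")
    return tuple(int(part) for part in m.groups())

def version_affected(version):
    return any(low <= version <= high for low, high in AFFECTED)

def module_compiled(nginx_v_output):
    # The mp4 module is optional and only present when built with this flag.
    return "--with-http_mp4_module" in nginx_v_output

def mp4_directive_used(config_text):
    """True if an uncommented `mp4;` directive appears in the config text."""
    for line in config_text.splitlines():
        code = line.split("#", 1)[0]  # naive comment strip, ignores quoting
        if re.search(r"(?:^|[\s{;])mp4\s*;", code):
            return True
    return False

def assess(nginx_v_output, config_text):
    """Classify a host against the three conditions in the advisory."""
    if not version_affected(parse_version(nginx_v_output)):
        return "not-affected"
    if not module_compiled(nginx_v_output):
        return "affected-version-module-absent"
    if not mp4_directive_used(config_text):
        return "affected-version-module-unused"
    return "exposed"

# Constructed sample input, not taken from a real host.
SAMPLE_V = ("nginx version: nginx/1.0.14\n"
            "configure arguments: --prefix=/etc/nginx --with-http_mp4_module\n")
SAMPLE_CONF = "location /video/ {\n    mp4;\n    mp4_buffer_size 1m;\n}\n"

if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_CONF))
```

`nginx -V` writes to standard error, so capture it with `2>&1` before passing the text in. Any result other than `not-affected` still means the installed package falls in the version ranges the advisory lists.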


 Post subject: Re: nginx
Posted: Fri Apr 13, 2012 12:08 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3631
Location: Chantilly, VA
Systems running ASL with the ASL kernel are immune to this. If you are not running ASL, or if you are and are not running the ASL kernel then you will need to upgrade nginx.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: nginx
Posted: Fri Apr 13, 2012 4:06 pm
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 148
Mike:

Thanks. Figured it wasn't an issue for ASL but was posting in regards to the repo package version.


 Post subject: Re: nginx
Posted: Fri Apr 13, 2012 4:17 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3631
Location: Chantilly, VA
Wise, not everyone is running ASL, and some ASL users don't use the ASL kernel. We just pushed an nginx update btw.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: nginx
Posted: Sat Apr 14, 2012 5:04 pm
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 148
Great, thanks!


 Post subject: Re: nginx
Posted: Fri May 18, 2012 2:40 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3631
Location: Chantilly, VA
Nginx is now supported in ASL. Please see the configuration guide here:

https://www.atomicorp.com/wiki/index.php/Nginx

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

