-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:094
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : nginx
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:

Updated nginx package fixes security vulnerabilities:

A bug in the experimental SPDY implementation in nginx was found,
which might allow an attacker to cause a heap memory buffer overflow
in a worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to reuse cached SSL sessions in unrelated contexts,
allowing virtual host confusion attacks in some configurations by an
attacker