Mercurial > hg > nginx-site

view xml/en/security_advisories.xml @ 2083:fb5eef3637a4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Avoid double negative in if_not_empty. Use of "not" and "until" in the same sentence makes it confusing. Moreover, use of "until" with something that doesn't describe an event or point in time is wrong.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 11 Dec 2017 19:15:31 +0300
parents cf8d95bfcf72
children 3fa4584907b8
line wrap: on
line source

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE article SYSTEM "../../dtd/article.dtd">

<article name="nginx security advisories"
         link="/en/security_advisories.html"
         lang="en"
         rev="1">

<section>

<para>
All nginx security issues should be reported to
<link url="mailto:security-alert@nginx.org">security-alert@nginx.org</link>.
</para>

<para>
Patches are signed using one of the
<link doc="pgp_keys.xml">PGP public keys</link>.
</para>

<security>

<item name="Integer overflow in the range filter"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
      cve="2017-7529"
      good="1.13.3+, 1.12.1+"
      vulnerable="0.5.6-1.13.2">
<patch name="patch.2017.ranges.txt" />
</item>

<item name="NULL pointer dereference while writing client request body"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
      cve="2016-4450"
      good="1.11.1+, 1.10.1+"
      vulnerable="1.3.9-1.11.0">
<patch name="patch.2016.write.txt" versions="1.9.13-1.11.0" />
<patch name="patch.2016.write2.txt" versions="1.3.9-1.9.12" />
</item>

<item name="Invalid pointer dereference in resolver"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
      cve="2016-0742"
      good="1.9.10+, 1.8.1+"
      vulnerable="0.6.18-1.9.9" />

<item name="Use-after-free during CNAME response processing in resolver"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
      cve="2016-0746"
      good="1.9.10+, 1.8.1+"
      vulnerable="0.6.18-1.9.9" />

<item name="Insufficient limits of CNAME resolution in resolver"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
      cve="2016-0747"
      good="1.9.10+, 1.8.1+"
      vulnerable="0.6.18-1.9.9" />

<item name="SSL session reuse vulnerability"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"
      cve="2014-3616"
      good="1.7.5+, 1.6.2+"
      vulnerable="0.5.6-1.7.4">
</item>

<item name="STARTTLS command injection"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"
      cve="2014-3556"
      good="1.7.4+, 1.6.1+"
      vulnerable="1.5.6-1.7.3">
<patch name="patch.2014.starttls.txt" />
</item>

<item name="SPDY heap buffer overflow"
      severity="major"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
      cve="2014-0133"
      good="1.5.12+, 1.4.7+"
      vulnerable="1.3.15-1.5.11">
<patch name="patch.2014.spdy2.txt" />
</item>

<item name="SPDY memory corruption"
      severity="major"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
      cve="2014-0088"
      good="1.5.11+"
      vulnerable="1.5.10">
<patch name="patch.2014.spdy.txt" />
</item>

<item name="Request line parsing vulnerability"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
      cve="2013-4547"
      good="1.5.7+, 1.4.4+"
      vulnerable="0.8.41-1.5.6">
<patch name="patch.2013.space.txt" />
</item>

<item name="Memory disclosure with specially crafted HTTP backend responses"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"
      cve="2013-2070"
      good="1.5.0+, 1.4.1+, 1.2.9+"
      vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0">
<patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" />
<patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" />
</item>

<item name="Stack-based buffer overflow with specially crafted request"
      severity="major"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
      cve="2013-2028"
      good="1.5.0+, 1.4.1+"
      vulnerable="1.3.9-1.4.0">
<patch name="patch.2013.chunked.txt" />
</item>

<item name="Vulnerabilities with Windows directory aliases"
      severity="medium"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html"
      cve="2011-4963"
      good="1.3.1+, 1.2.1+"
      vulnerable="nginx/Windows 0.7.52-1.3.0" />

<item name="Buffer overflow in the ngx_http_mp4_module"
      severity="major"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html"
      cve="2012-2089"
      good="1.1.19+, 1.0.15+"
      vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14">
<patch name="patch.2012.mp4.txt" />
</item>

<item name="Memory disclosure with specially crafted backend responses"
      severity="major"
      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html"
      cve="2012-1180"
      good="1.1.17+, 1.0.14+"
      vulnerable="0.1.0-1.1.16">
<patch name="patch.2012.memory.txt" />
</item>

<item name="Buffer overflow in resolver"
      severity="medium"
      cve="2011-4315"
      good="1.1.8+, 1.0.10+"
      vulnerable="0.6.18-1.1.7" />

<item name="Vulnerabilities with invalid UTF-8 sequence on Windows"
      severity="major"
      cve="2010-2266"
      good="0.8.41+, 0.7.67+"
      vulnerable="nginx/Windows 0.7.52-0.8.40" />

<item name="Vulnerabilities with Windows file default stream"
      severity="major"
      cve="2010-2263"
      good="0.8.40+, 0.7.66+"
      vulnerable="nginx/Windows 0.7.52-0.8.39" />

<item name="Vulnerabilities with Windows 8.3 filename pseudonyms"
      severity="major"
      core="CORE-2010-0121"
      href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities"
      good="0.8.33+, 0.7.65+"
      vulnerable="nginx/Windows 0.7.52-0.8.32" />

<item name="An error log data are not sanitized"
      severity="none"
      cve="2009-4487"
      good="none"
      vulnerable="all" />

<item name="The renegotiation vulnerability in SSL protocol"
      severity="major"
      cert="120541"
      cve="2009-3555"
      good="0.8.23+, 0.7.64+"
      vulnerable="0.1.0-0.8.22">
<patch name="patch.cve-2009-3555.txt" />
</item>

<item name="Directory traversal vulnerability"
      severity="minor"
      cve="2009-3898"
      good="0.8.17+, 0.7.63+"
      vulnerable="0.1.0-0.8.16" />

<item name="Buffer underflow vulnerability"
      severity="major"
      cert="180065"
      cve="2009-2629"
      good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+"
      vulnerable="0.1.0-0.8.14">
<patch name="patch.180065.txt" />
</item>

<item name="Null pointer dereference vulnerability"
      severity="major"
      cve="2009-3896"
      good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+"
      vulnerable="0.1.0-0.8.13">
<patch name="patch.null.pointer.txt" />
</item>

</security>

</section>

</article>