nginx -- multiple vulnerabilities

2013-05-07T00:00:00
ID EFAA4071-B700-11E2-B1B9-F0DEF16C5C1B
Type freebsd
Reporter FreeBSD
Modified 2013-05-16T00:00:00

Description

The nginx project reports:

A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. [CVE-2013-2028] A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxy_pass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxied server. [CVE-2013-2070]