we are running nginx 0.8.54, I’m trying to pass PCI compliance testing
they say this is vulnerable to a buffer overflow.
however when i try and find out if it is i can’t seem to find out.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4315
http://www.securityfocus.com/bid/50710
these links don’t show that my version has this flaw.
i’m hoping there is a link to show that this version is safe.
Thanks
Stephen
You are running a release which dates back to December 2010. The last
relase in the 0.8 train is from July 2011, while CVE-2011-4315 was fixed
in November 2011. You can assume your version is vulnerable.
If you can’t upgrade to current stable you will need to backport the
bugfix to 0.8.
CVE-2011-4315 is missing on the nginx security advisories on nginx.org,
can someone add it?
BR,
Lukas
bummer. well thanks again
Stephen
On Apr 13, 2012, at 2:20 AM, Lukas T. wrote:
You are running a release which dates back to December 2010. The last relase in
the 0.8 train is from July 2011, while CVE-2011-4315 was fixed in November 2011.
You can assume your version is vulnerable.If you can’t upgrade to current stable you will need to backport the bugfix to
0.8.CVE-2011-4315 is missing on the nginx security advisories on nginx.org, can
someone add it?
Thanks for spotting it’s missing, we’ll add it.
On Fri, Apr 13, 2012 at 01:04:56AM +0200, Lukas T. wrote:
Here is the bugfix: http://trac.nginx.org/nginx/changeset/4268/nginx
Don’t know the patch can by applied 1:1 on 0.8 though.
The patch is suitable for 0.8.
–
Igor S.
Here is the bugfix: Changeset 4268:25ddf6afc0ff – nginx
Don’t know the patch can by applied 1:1 on 0.8 though.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs