[SECURITY] Fedora 18 Update: nginx-1.2.9-1.fc18
updates at fedoraproject.org
updates at fedoraproject.org
Thu May 23 12:24:19 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-8182
2013-05-15 02:36:28
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 18
Version : 1.2.9
Release : 1.fc18
URL : http://nginx.org/
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.2.9 which fixes:
* CVE-2013-2070 "denial of service or memory disclosure when using proxy_pass"
fix build on platforms without gperftools
Update to upstream release 1.4.0, which includes support for proxying of WebSocket connections, OCSP stapling, SPDY module, gunzip filter and more.
Build with "--with-debug" to enable optional debugging
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 13 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.9-1
- update to upstream release 1.2.9 which fixes CVE-2013-2070: "denial of
service or memory disclosure when using proxy_pass" (#962525, #962526),
which is related to CVE-2013-2028 affecting nginx 1.4.0
* Sun Apr 28 2013 Dan HorĂ¡k <dan[at]danny.cz> - 1:1.2.8-3
- gperftools exist only on selected arches
* Fri Apr 26 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.8-2
- enable google perftools module and add gperftools-devel to BR
- enable debugging (#956845)
- trim changelog
* Tue Apr 2 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.8-1
- update to upstream release 1.2.8
* Fri Feb 22 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.7-2
- make sure nginx directories are not world readable (#913724, #913735)
* Sat Feb 16 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.7-1
- update to upstream release 1.2.7
- add .asc file
* Tue Feb 5 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.6-6
- use 'kill' instead of 'systemctl' when rotating log files to workaround
SELinux issue (#889151)
* Wed Jan 23 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.6-5
- uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
conf.d directory empty (#903065)
* Wed Jan 23 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.6-4
- add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
(#903065)
* Wed Dec 19 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.6-3
- use correct file ownership when rotating log files
* Tue Dec 18 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.6-2
- send correct kill signal and use correct file permissions when rotating
log files (#888225)
- send correct kill signal in nginx-upgrade
* Tue Dec 11 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.6-1
- update to upstream release 1.2.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #962525 - CVE-2013-2070 nginx: denial of service or memory disclosure when using proxy_pass
https://bugzilla.redhat.com/show_bug.cgi?id=962525
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update nginx' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list