CVE-2013-2070: nginx proxy_pass buffer overflow vulnerability
Bug #1182586 reported by
Thomas Ward
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned | ||
Quantal |
Fix Released
|
Medium
|
Unassigned | ||
Raring |
Fix Released
|
Medium
|
Unassigned |
Bug Description
This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present.
Per upstream, nginx versions 1.1.4 and higher are affected. As such, Precise, Quantal, and Raring are affected. Saucy has already received this fix as part of the 1.4.1-1 merge (bug 1177919).
This is tracked on the Ubuntu Security Team CVE Tracker at http://
The upstream patch for this is located at http://
This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu.
(Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.)
Related branches
lp:ubuntu/raring-security/nginx
Ready for review
for merging
into
lp:ubuntu/raring/nginx
- Roger Mbiama Assogo (community): Approve
-
Diff: 6045 lines (+5938/-7)11 files modified.pc/applied-patches (+2/-0)
.pc/cve-2013-2070.patch/src/http/modules/ngx_http_proxy_module.c (+4038/-0)
.pc/cve-2013-4547.patch/src/http/ngx_http_parse.c (+1820/-0)
debian/changelog (+24/-0)
debian/patches/cve-2013-2070.patch (+18/-0)
debian/patches/cve-2013-4547.patch (+21/-0)
debian/patches/series (+2/-0)
debian/patches/ubuntu-branding.patch (+5/-5)
src/core/nginx.h (+2/-2)
src/http/modules/ngx_http_proxy_module.c (+4/-0)
src/http/ngx_http_parse.c (+2/-0)
CVE References
description: | updated |
Changed in nginx (Ubuntu): | |
assignee: | nobody → Thomas Ward (teward) |
Changed in nginx (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in nginx (Ubuntu Quantal): | |
importance: | Undecided → Medium |
Changed in nginx (Ubuntu Raring): | |
importance: | Undecided → Medium |
Changed in nginx (Ubuntu Precise): | |
assignee: | nobody → Thomas Ward (teward) |
Changed in nginx (Ubuntu Quantal): | |
assignee: | nobody → Thomas Ward (teward) |
Changed in nginx (Ubuntu Raring): | |
assignee: | nobody → Thomas Ward (teward) |
Changed in nginx (Ubuntu): | |
assignee: | Thomas Ward (teward) → nobody |
Changed in nginx (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in nginx (Ubuntu Quantal): | |
status: | New → Confirmed |
Changed in nginx (Ubuntu Raring): | |
status: | New → Confirmed |
Changed in nginx (Ubuntu): | |
status: | New → Fix Released |
Changed in nginx (Ubuntu Precise): | |
status: | Confirmed → In Progress |
Changed in nginx (Ubuntu Quantal): | |
status: | Confirmed → In Progress |
Changed in nginx (Ubuntu Raring): | |
status: | Confirmed → In Progress |
Changed in nginx (Ubuntu Precise): | |
status: | In Progress → Confirmed |
Changed in nginx (Ubuntu Quantal): | |
status: | In Progress → Confirmed |
Changed in nginx (Ubuntu Raring): | |
status: | In Progress → Confirmed |
Changed in nginx (Ubuntu Precise): | |
assignee: | Thomas Ward (teward) → nobody |
Changed in nginx (Ubuntu Quantal): | |
assignee: | Thomas Ward (teward) → nobody |
Changed in nginx (Ubuntu Raring): | |
assignee: | Thomas Ward (teward) → nobody |
To post a comment you must log in.
To summarize the reasons for the changes on this bug done by me:
This CVE has already been "Fix Released" in Saucy, as part of the 1.4.1-1ubuntu2 package, and as part of the merge of 1.4.1-1 from Debian with the ubuntu delta that exists.
The affected versions are in Precise, Quantal, and Raring, and I have assigned myself to those, as I will be working on preparing debdiffs for each of the affected releases, after which a member of the security team will be able to take a look at the debdiffs for inclusion into the security updates.
Lucid is not affected by this CVE.