Security Advisory - July 11 2017: CVE-2017-7529
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| nginx (Ubuntu) |
Fix Released
|
Medium
|
Thomas Ward | ||
| Trusty |
Fix Released
|
Medium
|
Unassigned | ||
| Xenial |
Fix Released
|
Medium
|
Unassigned | ||
| Yakkety |
Fix Released
|
Medium
|
Unassigned | ||
| Zesty |
Fix Released
|
Medium
|
Unassigned | ||
| Artful |
Fix Released
|
Medium
|
Thomas Ward | ||
Bug Description
It was reported by NGINX that there was a security vulnerability. Specifically that:
A specially crafted request might result in an integer overflow and incorrect processing of ranges in the range filter, potentially resulting in sensitive information leak.
------
Refer to original notice here: http://
Copy of the message contents below:
Hello!
A security issue was identified in nginx range filter. A specially
crafted request might result in an integer overflow and incorrect
processing of ranges, potentially resulting in sensitive information
leak (CVE-2017-7529).
When using nginx with standard modules this allows an attacker to
obtain a cache file header if a response was returned from cache.
In some configurations a cache file header may contain IP address
of the backend server or other sensitive information.
Besides, with 3rd party modules it is potentially possible that
the issue may lead to a denial of service or a disclosure of
a worker process memory. No such modules are currently known though.
The issue affects nginx 0.5.6 - 1.13.2.
The issue is fixed in nginx 1.13.3, 1.12.1.
For older versions, the following configuration can be used
as a temporary workaround:
max_ranges 1;
Patch for the issue can be found here:
http://
--
Maxim Dounin
http://
------
CVE References
| Thomas Ward (teward) wrote | #1 |
| Changed in nginx (Ubuntu Zesty): | |
| status: | New → Confirmed |
| Changed in nginx (Ubuntu Yakkety): | |
| status: | New → Confirmed |
| Changed in nginx (Ubuntu Xenial): | |
| status: | New → Incomplete |
| status: | Incomplete → Confirmed |
| Changed in nginx (Ubuntu Trusty): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| Changed in nginx (Ubuntu Xenial): | |
| importance: | Undecided → Medium |
| Changed in nginx (Ubuntu Yakkety): | |
| importance: | Undecided → Medium |
| Changed in nginx (Ubuntu Zesty): | |
| importance: | Undecided → Medium |
| Changed in nginx (Ubuntu Artful): | |
| status: | Confirmed → In Progress |
| Changed in nginx (Ubuntu Zesty): | |
| status: | Confirmed → Fix Released |
| Changed in nginx (Ubuntu Yakkety): | |
| status: | Confirmed → Fix Released |
| Changed in nginx (Ubuntu Xenial): | |
| status: | Confirmed → Fix Released |
| Changed in nginx (Ubuntu Trusty): | |
| status: | Confirmed → Won't Fix |
| status: | Won't Fix → Fix Released |
| Changed in nginx (Ubuntu Artful): | |
| status: | In Progress → Fix Committed |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in nginx (Ubuntu Artful): | |
| status: | Fix Committed → Fix Released |
A temporary workaround would be to set this in your configuration:
max_ranges 1;