From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_00,FUZZY_XPILL autolearn=no version=3.2.5 Date: Wed, 16 Sep 2009 13:18:54 +0300 From: Michael Shigorin To: sysadmins@lists.altlinux.org Message-ID: <20090916101854.GA28241@osdn.org.ua> Mail-Followup-To: sysadmins@lists.altlinux.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Nq2Wo0NMKNjxTN9z" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: [Sysadmins] I: nginx remote DoS/potential code exec vulnerability X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: shigorin@gmail.com, ALT Linux sysadmin discuss List-Id: ALT Linux sysadmin discuss List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Sep 2009 10:19:09 -0000 Archived-At: List-Archive: --Nq2Wo0NMKNjxTN9z Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =FA=C4=D2=C1=D7=D3=D4=D7=D5=CA=D4=C5. =F7 nginx 0.1.0--0.8.14 =CF=C2=CE=C1=D2=D5=D6=C5=CE=C1 =CE=C5=D0=D2=C9=D1= =D4=CE=C1=D1 =D5=D1=DA=D7=C9=CD=CF=D3=D4=D8: =D7=CE=C5 =DA=C1=D7=C9=D3=C9=CD=CF=D3=D4=C9 =CF=D4 =CE=C1=D3=D4=D2=CF=C5=CB= =D3=C5=D2=D7=C5=D2=C1 =C9 =D7 =DA=C1=D7=C9=D3=C9=CD=CF=D3=D4=C9 =C9=D3=CB= =CC=C0=DE=C9=D4=C5=CC=D8=CE=CF =CF=D4 HTTP-=DA=C1=D0=D2=CF=D3=C1 =CD=CF=D6=C5=D4 =D0=D2=CF=C9=DA=CF=CA=D4= =C9 =D0=C5=D2=C5=D0=CF=CC=CE=C5=CE=C9=C5 =C2=D5=C6=C5=D2=C1 =D7 =D0=C1=D2= =D3=C5=D2=C5 =D4=C1=CB=CF=D7=D9=C8. =F0=D2=C9 =DC=D4=CF=CD =D3=C5=C7=C6=CF=CC=D4=C9=D4=D3=D1 =CE=C5=D0=D2=C9=D7= =C9=CC=C5=C7=C9=D2=CF=D7=C1=CE=CE=D9=CA worker =C9 =D7=CF=DA=CD=CF=D6=CE=CF =C9=D3=D0=CF=CC=CE=C5=CE=C9=C5 =D0=D2=CF=C9=DA=D7=CF=CC=D8=CE=CF=C7=CF =CB= =CF=C4=C1 (=D0=CF =D3=CC=CF=D7=C1=CD =E9=C7=CF=D2=D1 =F3=D9=D3=CF=C5=D7=C1, =CD=C1=CC=CF=D7=C5=D2=CF=D1=D4=CE=CF=C5 =D7 =D3=CC=D5=DE=C1=C5 =C2=CF=CC=D8= =DB=CF=C7=CF =CB=CF=CC=C9=DE=C5=D3=D4=D7=C1 =DA=C1=D0=D2=CF=D3=CF=D7 =D7 = =D3=C5=CB=D5=CE=C4=D5). =E9=D3=D0=D2=C1=D7=CC=C5=CE=CF =C1=D0=D3=D4=D2=C9=CD=CF=CD =D7 =D7=C5=D2=D3= =C9=D1=C8 0.8.15, 0.7.62, 0.6.39, 0.5.38; =C4=CF=D3=D4=D5=D0=C5=CE =D0=C1=D4=DE: http://sysoev.ru/nginx/patch.180065.= txt =E9=D3=D0=D2=C1=D7=CC=C5=CE=C9=D1 =C4=CC=D1 =D7=C5=D4=CF=CB 4.0/4.1 =C4=CF= =D3=D4=D5=D0=CE=D9 =D3=CF=CF=D4=D7=C5=D4=D3=D4=D7=C5=CE=CE=CF =CB=C1=CB nginx-0.5.31-alt4.M40.2 =C9 nginx-0.6.29-alt1.M41.2 -- =DC=D4=C9 =D3=C2=CF= =D2=CB=C9 =D3=CF=C4=C5=D2=D6=C1=D4 =D0=C1=D4=DE =D3 =C3=C5=CC=D8=C0 =CD=C9=CE=C9=CD= =C9=DA=C1=C3=C9=C9 =C9=DA=CD=C5=CE=C5=CE=C9=CA (=D7=CF=DA=CD=CF=D6=CE=CF, = =D3=D4=CF=C9=D4 =D7=D3=A3-=D4=C1=CB=C9 =D3=CF=C2=D2=C1=D4=D8 0.5.38, =CE=CF IIRC =D4=C1=CD = =C2=D9=CC=CF =CE=C5=CB=CF=D4=CF=D2=CF=C5 =C9=DA=CD=C5=CE=C5=CE=C9=C5 =D0=CF =DE=C1=D3=D4=C9 server wildcards). =F7 5.0 =CF=D4=D0=D2=C1=D7=CC=C5= =CE=C1 =D3=C2=CF=D2=CB=C1 0.8.15-alt1 =C9=DA Sisyphus. =E4=CC=D1 2.4 =D3=D5=DD=C5=D3=D4=D7=D5=C5=D4 =D3=C2=CF=D2=CB=C1 0.5.38-alt0= .M24.1: http://fly.osdn.org.ua/~mike/packages/nginx-M24/ -- =C5=A3 =D4=C5=C8=CE=C9=DE=C5=D3=CB=C9 =D5=D6=C5 =CE=C5 =D0=CF=CC=D5=DE= =C1=C5=D4=D3=D1 =D0=CF=CC=CF=D6=C9=D4=D8 =D7 backports/2.4 =CB=C1=CB =D0=CF=CC=CF=D6=C5=CE=CF, =D1 =D0=CF=CB=C1 =CE=C5 =CD=CF=C7=D5 = =CF=C2=CE=CF=D7=C9=D4=D8 =C8=DC=DB=C9. --=20 ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/ --Nq2Wo0NMKNjxTN9z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFKsLuObsPDprYMm3IRAuImAJ4319uStVA5mSGM1Rvqc8fhxAiS/QCgvU+H +YoSPAqbeG3tkkchUhc7jMw= =9+Ck -----END PGP SIGNATURE----- --Nq2Wo0NMKNjxTN9z--