- ------------------------------------------------------------------------- Debian Security Advisory DSA-2802-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx Vulnerability : restriction bypass Problem type : remote Debian-specific: no CVE ID : CVE-2013-4547 Debian Bug : 730012 Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request. The oldstable distribution (squeeze) is not affected by this problem. For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy2. For the unstable distribution (sid), this problem has been fixed in version 1.4.4-1. We recommend that you upgrade your nginx packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-2802-1: nginx security update
Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.
