Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Ubuntu 14.04 LTS: 2351-1 Critical Severity: Nginx Data Exposure

Calendar Sep 22, 2014 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory information leak critical ubuntu nginx data exposure network threat
nginx could be made to expose sensitive information over the network. 
=========================================================================Ubuntu Security Notice USN-2351-1
September 22, 2014

nginx vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

nginx could be made to expose sensitive information over the network.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx
incorrectly reused cached SSL sessions. An attacker could possibly use this
issue in certain configurations to obtain access to information from a
different virtual host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  nginx-core                      1.4.6-1ubuntu3.1
  nginx-extras                    1.4.6-1ubuntu3.1
  nginx-full                      1.4.6-1ubuntu3.1
  nginx-light                     1.4.6-1ubuntu3.1
  nginx-naxsi                     1.4.6-1ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2351-1
  CVE-2014-3616

Package Information:
  https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1

Ubuntu 14.04 LTS: 2351-1 Critical Severity: Nginx Data Exposure

ubuntu
Calendar Grey September 22, 2014
Dist Ubuntu Esm H88
Unveil particulars about the nginx flaw present in Ubuntu that compromises the security of sensitive data while being transmitted across networks.
nginx could be made to expose sensitive information over the network.

Summary

Topics%20covered

Topics Covered

security advisory information leak critical ubuntu nginx data exposure network threat

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.1 nginx-extras 1.4.6-1ubuntu3.1 nginx-full 1.4.6-1ubuntu3.1 nginx-light 1.4.6-1ubuntu3.1 nginx-naxsi 1.4.6-1ubuntu3.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2351-1

CVE-2014-3616

Severity
critical
Lowest
Low
Medium
High
Critical

September 22, 2014

Topics%20covered

Topics Covered

security advisory information leak critical ubuntu nginx data exposure network threat

Package Information

https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here