Bug 1048265 (CVE-2017-7529)

Summary: VUL-0: CVE-2017-7529: nginx: Integer overflow in nginx range filter module leading to memory disclosure
Product: [Novell Products] SUSE Security Incidents Reporter: Victor Pereira <vpereira>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: astieger, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 42.2   
URL: https://smash.suse.de/issue/188376/
Whiteboard: CVSSv2:NVD:CVE-2017-7529:5.0:(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVSSv3:NVD:CVE-2017-7529:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSSv3:RedHat:CVE-2017-7529:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Victor Pereira 2017-07-12 06:08:49 UTC 
rh#1468584

An integer overflow vunlerability in nginx range filter module in  ngx_http_range_parse() function was found, potentially resulting in memory disclosure when used with 3rd party modules. Issue can be triggered by specially crafted http range request resulting into leaking the content of the cache file header.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1468584
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7529
Comment 1 Marcus Meissner 2017-07-12 07:01:05 UTC 
there is also nginx-1.0 , used in ATK 1.3.
Comment 2 Cristian Rodríguez 2017-07-12 14:13:50 UTC 
I will not be allocating time to look at this issue..Let's see if Darix can do it.
Comment 3 Stefan Schubert 2017-07-24 07:54:27 UTC 
I have submitted a patch for SUSE_SLE-11-SP2_Update:
created request id 136231
Comment 5 Stefan Schubert 2017-07-24 08:39:02 UTC 
I have submitted a patch for openSUSE_Leap_42.2_Update:
created request id 512206

Please assign back if anything is still needed.
Comment 6 Bernhard Wiedemann 2017-07-24 10:00:29 UTC 
This is an autogenerated message for OBS integration:
This bug (1048265) was mentioned in
https://build.opensuse.org/request/show/512206 42.2 / nginx
Comment 7 Andreas Stieger 2017-07-24 20:18:05 UTC 
processed for 42.2 maintenance. Did not affect 42.3 (1.13.1)
Comment 8 Bernhard Wiedemann 2017-07-25 16:00:33 UTC 
This is an autogenerated message for OBS integration:
This bug (1048265) was mentioned in
https://build.opensuse.org/request/show/512547 42.2 / nginx
Comment 10 Swamp Workflow Management 2017-07-29 13:08:10 UTC 
openSUSE-SU-2017:2003-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1048265
CVE References: CVE-2017-7529
Sources used:
openSUSE Leap 42.2 (src):    nginx-1.8.1-10.5.1
Comment 11 Swamp Workflow Management 2017-09-07 19:07:29 UTC 
SUSE-SU-2017:2387-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1048265
CVE References: CVE-2017-7529
Sources used:
SUSE Webyast 1.3 (src):    nginx-1.0-1.0.15-0.35.3.1
SUSE Studio Onsite 1.3 (src):    nginx-1.0-1.0.15-0.35.3.1
SUSE Lifecycle Management Server 1.3 (src):    nginx-1.0-1.0.15-0.35.3.1
Comment 12 Swamp Workflow Management 2018-03-14 10:30:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1048265) was mentioned in
https://build.opensuse.org/request/show/586718 Backports:SLE-12 / nginx
https://build.opensuse.org/request/show/586722 42.3 / nginx
Comment 13 Swamp Workflow Management 2018-03-26 13:16:48 UTC 
openSUSE-SU-2018:0813-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1048265,1057831,1059685
CVE References: CVE-2017-7529
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    nginx-1.13.9-12.1
Comment 14 Andreas Stieger 2018-03-27 04:22:20 UTC 
done
Comment 15 Swamp Workflow Management 2018-03-27 10:07:26 UTC 
openSUSE-SU-2018:0823-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1048265,1057831,1059685
CVE References: CVE-2017-7529
Sources used:
openSUSE Leap 42.3 (src):    nginx-1.13.9-2.3.1