Bug 869076 (CVE-2014-0133)

Summary: VUL-0: CVE-2014-0133: nginx: heap-based buffer overflow in SPDY implementation
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Cristian Rodríguez <crrodriguez>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: aj, lslezak, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: openSUSE 13.1
URL: https://smash.suse.de/issue/97131/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2014-03-19 07:32:05 UTC
CVE-2014-0133


A bug in the experimental SPDY implementation in nginx was found, which
might allow an attacker to cause a heap memory buffer overflow in a
worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).

The problem affects nginx 1.3.15 - 1.5.11, compiled with the
ngx_http_spdy_module module (which is not compiled by default) and
without --with-debug configure option, if the "spdy" option of the
"listen" directive is used in a configuration file.

The problem is fixed in nginx 1.5.12, 1.4.7.

Upstream fix: http://nginx.org/download/patch.2014.spdy2.txt

http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html
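The four exposure conditions listed in the description above (affected version, SPDY module compiled in, no --with-debug, a "listen" directive with "spdy") can be checked together. The following is an added example, not part of the bug report or of nginx; the function names and the sample inputs are constructed for illustration.

```python
import re

# Range and fixed releases as stated in the advisory text above.
FIRST_AFFECTED, LAST_AFFECTED = (1, 3, 15), (1, 5, 11)
FIXED_STABLE = (1, 4, 7)  # fix for the 1.4.x branch; 1.5.12 is above the range

def parse_nginx_v(text):
    """Return (version tuple, set of configure flags) from `nginx -V` output."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no nginx version line found")
    args = re.search(r"configure arguments:(.*)", text)
    flags = set(args.group(1).split()) if args else set()
    return tuple(int(part) for part in m.groups()), flags

def version_affected(v):
    if v[:2] == (1, 4) and v >= FIXED_STABLE:
        return False
    return FIRST_AFFECTED <= v <= LAST_AFFECTED

def spdy_listeners(conf_text):
    """List `listen` directives that carry the `spdy` parameter."""
    conf = re.sub(r"#.*", "", conf_text)  # naive: a '#' inside quotes is cut too
    directives = re.findall(r"\blisten\s+([^;]*);", conf)
    return ["listen " + " ".join(a.split()) for a in directives if "spdy" in a.split()]

def assess(nginx_v_output, conf_text):
    version, flags = parse_nginx_v(nginx_v_output)
    checks = {
        "version_in_affected_range": version_affected(version),
        # --with-http_spdy_module is the configure flag that builds ngx_http_spdy_module
        "spdy_module_compiled": "--with-http_spdy_module" in flags,
        "built_without_debug": "--with-debug" not in flags,
        "spdy_listener_configured": bool(spdy_listeners(conf_text)),
    }
    checks["exposed"] = all(checks.values())
    return checks

# Constructed sample inputs (not taken from a real host).
SAMPLE_V = """nginx version: nginx/1.4.4
configure arguments: --prefix=/usr --with-http_ssl_module --with-http_spdy_module
"""
SAMPLE_CONF = """
server {
    listen 80;
    # listen 8443 ssl spdy;
    listen 443 ssl spdy;
}
"""
```

On a real host, `nginx -V` writes to stderr, so capture it with `nginx -V 2>&1` and pass the concatenated text of nginx.conf and its included files as the second argument. The version check reflects upstream release numbers only; a distribution package may carry the fix as a patch on an older version.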
Comment 1 Marcus Meissner 2014-03-19 07:33:10 UTC
only openSUSE 13.1 affected apparently.
Comment 2 Aeneas Jaißle 2014-03-19 10:59:58 UTC
https://build.opensuse.org/request/show/226717
Comment 3 Marcus Meissner 2014-03-19 15:53:57 UTC
accepted
Comment 4 Swamp Workflow Management 2014-03-26 16:05:10 UTC
openSUSE-SU-2014:0450-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 869076
CVE References: CVE-2014-0133
Sources used:
openSUSE 13.1 (src):    nginx-1.4.7-3.9.1