Bug 869076 - (CVE-2014-0133) VUL-0: CVE-2014-0133: nginx: heap-based buffer overflow in SPDY implementation
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Other openSUSE 13.1
: P5 - None : Normal
Assigned To: Cristian Rodríguez
Security Team bot
https://smash.suse.de/issue/97131/
Reported: 2014-03-19 07:32 UTC by Marcus Meissner
Modified: 2015-02-19 04:16 UTC

Found By: Security Response Team
Description Marcus Meissner 2014-03-19 07:32:05 UTC
CVE-2014-0133


A bug in the experimental SPDY implementation in nginx was found, which
might allow an attacker to cause a heap memory buffer overflow in a
worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).

The problem affects nginx 1.3.15 - 1.5.11, compiled with the
ngx_http_spdy_module module (which is not compiled by default) and
without --with-debug configure option, if the "spdy" option of the
"listen" directive is used in a configuration file.

The problem is fixed in nginx 1.5.12, 1.4.7.

Upstream fix: http://nginx.org/download/patch.2014.spdy2.txt

http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html
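
The exposure conditions listed in the description above (version range, SPDY module compiled in, no --with-debug, "spdy" on a "listen" directive) can be checked mechanically. The following is an added example, not part of the original report or of nginx; the function names and sample inputs are constructed, and it assumes `nginx -V` output and the configuration text are passed in as strings.

```python
import re

# Bounds and fixed releases as stated in the advisory text above.
FIRST_AFFECTED, LAST_AFFECTED = (1, 3, 15), (1, 5, 11)
FIXED_STABLE = (1, 4, 7)

def parse_nginx_v(output):
    """Return (version tuple, set of configure flags) from `nginx -V` output."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no nginx version line found")
    args = re.search(r"configure arguments:(.*)", output)
    flags = set(args.group(1).split()) if args else set()
    return tuple(int(x) for x in m.groups()), flags

def version_affected(version):
    if not FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return False
    # Assumption: 1.4.x releases from 1.4.7 onward carry the fix.
    return not (version[:2] == (1, 4) and version >= FIXED_STABLE)

def spdy_listeners(config_text):
    """Return listen directives that carry the spdy parameter, comments ignored."""
    stripped = re.sub(r"#[^\n]*", "", config_text)
    found = re.findall(r"\blisten\s+[^;]*\bspdy\b[^;]*;", stripped)
    return [" ".join(d.split()) for d in found]

def exposed(nginx_v_output, config_text):
    """True only when every condition named in the advisory holds."""
    version, flags = parse_nginx_v(nginx_v_output)
    return (version_affected(version)
            and "--with-http_spdy_module" in flags
            and "--with-debug" not in flags
            and bool(spdy_listeners(config_text)))

# Constructed sample inputs (not taken from a real host).
SAMPLE_V = ("nginx version: nginx/1.4.6\n"
            "configure arguments: --prefix=/usr --with-http_ssl_module "
            "--with-http_spdy_module\n")
SAMPLE_CONF = """
server {
    listen 443 ssl spdy;
    # listen 8443 spdy;
    server_name example.test;
}
"""

if __name__ == "__main__":
    print("SPDY listeners:", spdy_listeners(SAMPLE_CONF))
    print("exposed:", exposed(SAMPLE_V, SAMPLE_CONF))
```

A distribution package may carry the upstream patch under an older version string, so a positive result should be confirmed against the package changelog.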
Comment 1 Marcus Meissner 2014-03-19 07:33:10 UTC
only openSUSE 13.1 affected apparently.
Comment 2 Aeneas Jaißle 2014-03-19 10:59:58 UTC
https://build.opensuse.org/request/show/226717
Comment 3 Marcus Meissner 2014-03-19 15:53:57 UTC
accepted
Comment 4 Swamp Workflow Management 2014-03-26 16:05:10 UTC
openSUSE-SU-2014:0450-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 869076
CVE References: CVE-2014-0133
Sources used:
openSUSE 13.1 (src):    nginx-1.4.7-3.9.1