Bug 1048265 - (CVE-2017-7529) VUL-0: CVE-2017-7529: nginx: Integer overflow in nginx range filter module leading to memory disclosure
(CVE-2017-7529)
VUL-0: CVE-2017-7529: nginx: Integer overflow in nginx range filter module le...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.2
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/188376/
CVSSv2:NVD:CVE-2017-7529:5.0:(AV:N/AC...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-12 06:08 UTC by Victor Pereira
Modified: 2019-02-06 15:45 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2017-07-12 06:08:49 UTC
rh#1468584

An integer overflow vunlerability in nginx range filter module in  ngx_http_range_parse() function was found, potentially resulting in memory disclosure when used with 3rd party modules. Issue can be triggered by specially crafted http range request resulting into leaking the content of the cache file header.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1468584
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7529
Comment 1 Marcus Meissner 2017-07-12 07:01:05 UTC
there is also nginx-1.0 , used in ATK 1.3.
Comment 2 Cristian Rodríguez 2017-07-12 14:13:50 UTC
I will not be allocating time to look at this issue..Let's see if Darix can do it.
Comment 3 Stefan Schubert 2017-07-24 07:54:27 UTC
I have submitted a patch for SUSE_SLE-11-SP2_Update:
created request id 136231
Comment 5 Stefan Schubert 2017-07-24 08:39:02 UTC
I have submitted a patch for openSUSE_Leap_42.2_Update:
created request id 512206

Please assign back if anything is still needed.
Comment 6 Bernhard Wiedemann 2017-07-24 10:00:29 UTC
This is an autogenerated message for OBS integration:
This bug (1048265) was mentioned in
https://build.opensuse.org/request/show/512206 42.2 / nginx
Comment 7 Andreas Stieger 2017-07-24 20:18:05 UTC
processed for 42.2 maintenance. Did not affect 42.3 (1.13.1)
Comment 8 Bernhard Wiedemann 2017-07-25 16:00:33 UTC
This is an autogenerated message for OBS integration:
This bug (1048265) was mentioned in
https://build.opensuse.org/request/show/512547 42.2 / nginx
Comment 10 Swamp Workflow Management 2017-07-29 13:08:10 UTC
openSUSE-SU-2017:2003-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1048265
CVE References: CVE-2017-7529
Sources used:
openSUSE Leap 42.2 (src):    nginx-1.8.1-10.5.1
Comment 11 Swamp Workflow Management 2017-09-07 19:07:29 UTC
SUSE-SU-2017:2387-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1048265
CVE References: CVE-2017-7529
Sources used:
SUSE Webyast 1.3 (src):    nginx-1.0-1.0.15-0.35.3.1
SUSE Studio Onsite 1.3 (src):    nginx-1.0-1.0.15-0.35.3.1
SUSE Lifecycle Management Server 1.3 (src):    nginx-1.0-1.0.15-0.35.3.1
Comment 12 Swamp Workflow Management 2018-03-14 10:30:05 UTC
This is an autogenerated message for OBS integration:
This bug (1048265) was mentioned in
https://build.opensuse.org/request/show/586718 Backports:SLE-12 / nginx
https://build.opensuse.org/request/show/586722 42.3 / nginx
Comment 13 Swamp Workflow Management 2018-03-26 13:16:48 UTC
openSUSE-SU-2018:0813-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1048265,1057831,1059685
CVE References: CVE-2017-7529
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    nginx-1.13.9-12.1
Comment 14 Andreas Stieger 2018-03-27 04:22:20 UTC
done
Comment 15 Swamp Workflow Management 2018-03-27 10:07:26 UTC
openSUSE-SU-2018:0823-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1048265,1057831,1059685
CVE References: CVE-2017-7529
Sources used:
openSUSE Leap 42.3 (src):    nginx-1.13.9-2.3.1