*** This bug is a security vulnerability ***

Public security bug reported:

It was reported by NGINX that there was a security vulnerability.
Specifically that: A specially crafted request might result in an integer overflow and incorrect processing of ranges in the range filter, potentially resulting in sensitive information leak.

------

Refer to original notice here: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

Copy of the message contents below:

Hello!

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).

When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain IP address of the backend server or other sensitive information.

Besides, with 3rd party modules it is potentially possible that the issue may lead to a denial of service or a disclosure of a worker process memory. No such modules are currently known though.

The issue affects nginx 0.5.6 - 1.13.2.
The issue is fixed in nginx 1.13.3, 1.12.1.

For older versions, the following configuration can be used as a temporary workaround:

    max_ranges 1;

Patch for the issue can be found here:

http://nginx.org/download/patch.2017.ranges.txt

--
Maxim Dounin
http://nginx.org/

------

** Affects: nginx (Ubuntu)
   Importance: Medium
   Assignee: Thomas Ward (teward)
   Status: In Progress

** Affects: nginx (Ubuntu Trusty)
   Importance: Medium
   Status: Confirmed

** Affects: nginx (Ubuntu Xenial)
   Importance: Medium
   Status: Confirmed

** Affects: nginx (Ubuntu Yakkety)
   Importance: Medium
   Status: Confirmed

** Affects: nginx (Ubuntu Zesty)
   Importance: Medium
   Status: Confirmed

** Affects: nginx (Ubuntu Artful)
   Importance: Medium
   Assignee: Thomas Ward (teward)
   Status: In Progress

** Also affects: nginx (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: nginx (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: nginx (Ubuntu Artful)
   Importance: Medium
   Assignee: Thomas Ward (teward)
   Status: Confirmed

** Also affects: nginx (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: nginx (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Changed in: nginx (Ubuntu Zesty)
   Status: New => Confirmed

** Changed in: nginx (Ubuntu Yakkety)
   Status: New => Confirmed

** Changed in: nginx (Ubuntu Xenial)
   Status: New => Incomplete

** Changed in: nginx (Ubuntu Xenial)
   Status: Incomplete => Confirmed

** Changed in: nginx (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: nginx (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: nginx (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: nginx (Ubuntu Yakkety)
   Importance: Undecided => Medium

** Changed in: nginx (Ubuntu Zesty)
   Importance: Undecided => Medium

** Changed in: nginx (Ubuntu Artful)
   Status: Confirmed => In Progress

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7529

--
https://bugs.launchpad.net/bugs/1704151

Title:
  Security Advisory - July 11 2017: CVE-2017-7529
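A triage check built from the version ranges and the `max_ranges 1;` workaround quoted in the advisory above. This is an added example, not part of the bug report or of nginx; the function names, result labels and sample input are assumptions made for illustration, and the config text is assumed to be the host's complete configuration.

```python
import re

# Version bounds copied from the advisory text above.
FIRST_AFFECTED = (0, 5, 6)
LAST_AFFECTED = (1, 13, 2)
STABLE_FIX = (1, 12, 1)  # fixed release on the 1.12 stable branch


def parse_version(banner):
    """Pull (major, minor, patch) out of `nginx -v` output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError("no nginx version in banner: %r" % banner)
    return tuple(int(part) for part in m.groups())


def upstream_affected(version):
    """True if an unpatched upstream build of this version has the bug."""
    if not FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return False
    # 1.12.1 sorts below 1.13.2 but already carries the fix.
    return not (version[:2] == (1, 12) and version >= STABLE_FIX)


def max_ranges_values(config_text):
    """Every max_ranges value set in the config, with # comments dropped."""
    active = re.sub(r"#.*", "", config_text)
    return [int(v) for v in re.findall(r"\bmax_ranges\s+(\d+)\s*;", active)]


def triage(banner, config_text):
    """Classify one host from its version banner and full config text."""
    if not upstream_affected(parse_version(banner)):
        return "not-affected"
    values = max_ranges_values(config_text)
    # Conservative: any max_ranges above 1 anywhere (http, server or
    # location) counts as the workaround not being in force. 0 disables
    # byte-range support entirely, so it is accepted as well.
    if values and all(v <= 1 for v in values):
        return "affected-workaround-present"
    return "affected"


# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "nginx version: nginx/1.10.3 (Ubuntu)"
SAMPLE_CONFIG = "http {\n    # max_ranges 5;\n    max_ranges 1;\n}\n"

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Distribution packages such as the Ubuntu ones tracked in this bug can carry a backported fix while still reporting the old upstream version, so an "affected" result from the banner should be confirmed against the package changelog.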
