Bug 5157 - nginx new security issue CVE-2012-1180
Summary: nginx new security issue CVE-2012-1180
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://seclists.org/bugtraq/2012/Mar/65
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-03-29 12:05 CEST by David Walser
Modified: 2012-04-03 12:25 CEST (History)
7 users (show)

See Also:
Source RPM: nginx-1.0.0-1.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2012-03-29 12:05:12 CEST 
Mandriva has issued this advisory today (March 29):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:043

A better reference is here:
https://bugzilla.redhat.com/show_bug.cgi?id=803856

Cauldron is not affected (it already has 1.0.14).
David Walser 2012-03-29 12:05:34 CEST

CC: (none) => guillomovitch

David Walser 2012-03-29 12:05:47 CEST

CC: (none) => fundawang

David Walser 2012-03-29 12:05:58 CEST

CC: (none) => dmorganec

Comment 1 Guillaume Rousse 2012-03-29 20:04:24 CEST 
nginx-1.0.0-1.1.mga submitted to updates_testing, with upstream patch applied.

Status: NEW => ASSIGNED

Comment 2 David Walser 2012-03-29 20:19:59 CEST 
Is this ready for QA?
Comment 3 Guillaume Rousse 2012-03-29 20:23:20 CEST 
I think so. Unless you expect more than rebuilding with a patch, of course :)
Comment 4 David Walser 2012-03-29 20:30:30 CEST 
:o)  Thanks Guillaume.

Advisory
========================

Updated nginx package fixes security vulnerability:

Specially crafted backend response could result in sensitive
information leak (CVE-2012-1180).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180
https://bugzilla.redhat.com/show_bug.cgi?id=803856
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:043
========================

Updated packages in core/updates_testing:
========================
nginx-1.0.0-1.1.mga1

from nginx-1.0.0-1.1.mga1.src.rpm

Assignee: bugsquad => qa-bugs

Comment 5 Dave Hodgins 2012-03-30 04:48:39 CEST 
/usr/share/nginx/html/index.html should have the two occurrences
of Mandriva replaced by Mageia and the icon shown from
http://www.mandriva.com/"><img
                    src="poweredby.png"
                    alt="[ Powered by Mandriva ]"
should either be removed or replaced with a Mageia icon,  but
that won't hold the update.  I'll let you decide if you want to
fix it, or if you would like me to open a new bug report for that.

No POC, so just testing that it works.

Testing complete on i586 for the srpm
nginx-1.0.0-1.1.mga1.src.rpm

CC: (none) => davidwhodgins

Comment 6 Derek Jennings 2012-04-03 11:59:34 CEST 
Testing complete on x86_64 for 
nginx-1.0.0-1.1.mga1.src.rpm

Tested basic server functionality. 

Update validated.

Could sysadmin please push nginx-1.0.0-1.1.mga1.src.rpm from core/updates_testing to core/updates please.

Advisory
-------
Updated nginx package fixes security vulnerability:

Specially crafted backend response could result in sensitive
information leak (CVE-2012-1180).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180
https://bugzilla.redhat.com/show_bug.cgi?id=803856
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:043

Keywords: (none) => validated_update
CC: (none) => derekjenn, sysadmin-bugs

Comment 7 Thomas Backlund 2012-04-03 12:25:37 CEST 
Update pushed.

Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.