Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 18 Update: nginx-1.2.9-1.fc18
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Thursday 23rd May 2013 12:24:19 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-8182
2013-05-15 02:36:28
--------------------------------------------------------------------------------

Name        : nginx
Product     : Fedora 18
Version     : 1.2.9
Release     : 1.fc18
URL         : http://nginx.org/
Summary     : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and
low
memory usage.

--------------------------------------------------------------------------------
Update Information:

Update to upstream release 1.2.9 which fixes:
* CVE-2013-2070 "denial of service or memory disclosure when using
proxy_pass"
fix build on platforms without gperftools
Update to upstream release 1.4.0, which includes support for proxying of
WebSocket connections, OCSP stapling, SPDY module, gunzip filter and more.
Build with "--with-debug" to enable optional debugging
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 13 2013 Jamie Nguyen <[email protected]> - 1:1.2.9-1
- update to upstream release 1.2.9 which fixes CVE-2013-2070: "denial of
  service or memory disclosure when using proxy_pass" (#962525, #962526),
  which is related to CVE-2013-2028 affecting nginx 1.4.0
* Sun Apr 28 2013 Dan HorĂ¡k  - 1:1.2.8-3
- gperftools exist only on selected arches
* Fri Apr 26 2013 Jamie Nguyen <[email protected]> - 1:1.2.8-2
- enable google perftools module and add gperftools-devel to BR
- enable debugging (#956845)
- trim changelog
* Tue Apr  2 2013 Jamie Nguyen <[email protected]> - 1:1.2.8-1
- update to upstream release 1.2.8
* Fri Feb 22 2013 Jamie Nguyen <[email protected]> - 1:1.2.7-2
- make sure nginx directories are not world readable (#913724, #913735)
* Sat Feb 16 2013 Jamie Nguyen <[email protected]> - 1:1.2.7-1
- update to upstream release 1.2.7
- add .asc file
* Tue Feb  5 2013 Jamie Nguyen <[email protected]> - 1:1.2.6-6
- use 'kill' instead of 'systemctl' when rotating log files to workaround
  SELinux issue (#889151)
* Wed Jan 23 2013 Jamie Nguyen <[email protected]> - 1:1.2.6-5
- uncomment "include /etc/nginx/conf.d/*.conf by default but leave the
  conf.d directory empty (#903065)
* Wed Jan 23 2013 Jamie Nguyen <[email protected]> - 1:1.2.6-4
- add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf"
  (#903065)
* Wed Dec 19 2012 Jamie Nguyen <[email protected]> - 1:1.2.6-3
- use correct file ownership when rotating log files
* Tue Dec 18 2012 Jamie Nguyen <[email protected]> - 1:1.2.6-2
- send correct kill signal and use correct file permissions when rotating
  log files (#888225)
- send correct kill signal in nginx-upgrade
* Tue Dec 11 2012 Jamie Nguyen <[email protected]> - 1:1.2.6-1
- update to upstream release 1.2.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #962525 - CVE-2013-2070 nginx: denial of service or memory
disclosure when using proxy_pass
        https://bugzilla.redhat.com/show_bug.cgi?id=962525
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update nginx' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms