Debian安全团队发现nginx存在缓冲区下溢漏洞(CVE-2009-2629),攻击者可能利用此漏洞执行任意代码或进行拒绝服务攻击。Brightbox已发布更新版本0.6.39的nginx包来解决此安全问题。
From the Debian Security team (CVE-2009-2629):
nginx … is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.
New versions of our nginx packages that address this security vulnerability are now available. nginx 0.6.39 (with the fair balancer module) is available from the Brightbox apt repositories – running the following command will get you the latest version:
sudo apt-get update
sudo apt-get install nginx
Our more experimental nginx-brightbox package has also been upgraded to 0.6.39. This includes a number of nginx addons, such as the upload module, geoip module, and Phusion Passenger 2.0.5.
nginx … is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.
New versions of our nginx packages that address this security vulnerability are now available. nginx 0.6.39 (with the fair balancer module) is available from the Brightbox apt repositories – running the following command will get you the latest version:
sudo apt-get update
sudo apt-get install nginx
Our more experimental nginx-brightbox package has also been upgraded to 0.6.39. This includes a number of nginx addons, such as the upload module, geoip module, and Phusion Passenger 2.0.5.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
