author | 2013-11-21 14:02:25 +0000 | |
---|---|---|
committer | 2013-11-21 14:02:25 +0000 | |
commit | 89164ff76d703fa484f54f6ed53f8cdb06ea5c6c (patch) | |
tree | 6a1ed4242bfc2c11dd020828d3084c6546b1df31 | |
parent | regen (diff) | |
download | wireguard-openbsd-89164ff76d703fa484f54f6ed53f8cdb06ea5c6c.tar.xz wireguard-openbsd-89164ff76d703fa484f54f6ed53f8cdb06ea5c6c.zip |
security update to nginx 1.4.4 which fixes CVE-2013-4547
-rw-r--r-- | usr.sbin/nginx/CHANGES | 8 | ||||
-rw-r--r-- | usr.sbin/nginx/CHANGES.ru | 8 | ||||
-rw-r--r-- | usr.sbin/nginx/src/core/nginx.h | 4 | ||||
-rw-r--r-- | usr.sbin/nginx/src/http/ngx_http_parse.c | 2 |
4 files changed, 20 insertions, 2 deletions
diff --git a/usr.sbin/nginx/CHANGES b/usr.sbin/nginx/CHANGES index a35c22b902d..4899a6d92df 100644 --- a/usr.sbin/nginx/CHANGES +++ b/usr.sbin/nginx/CHANGES @@ -1,4 +1,12 @@ +Changes with nginx 1.4.4 19 Nov 2013 + + *) Security: a character following an unescaped space in a request line + was handled incorrectly (CVE-2013-4547); the bug had appeared in + 0.8.41. + Thanks to Ivan Fratric of the Google Security Team. + + Changes with nginx 1.4.3 08 Oct 2013 *) Bugfix: a segmentation fault might occur in a worker process if the diff --git a/usr.sbin/nginx/CHANGES.ru b/usr.sbin/nginx/CHANGES.ru index 34af0e8dd3d..2e12f09cd66 100644 --- a/usr.sbin/nginx/CHANGES.ru +++ b/usr.sbin/nginx/CHANGES.ru @@ -1,4 +1,12 @@ +Изменения в nginx 1.4.4 19.11.2013 + + *) Безопасность: символ, следующий за незакодированным пробелом в строке + запроса, обрабатывался неправильно (CVE-2013-4547); ошибка появилась + в 0.8.41. + Спасибо Ivan Fratric из Google Security Team. + + Изменения в nginx 1.4.3 08.10.2013 *) Исправление: в рабочем процессе мог произойти segmentation fault, diff --git a/usr.sbin/nginx/src/core/nginx.h b/usr.sbin/nginx/src/core/nginx.h index 2ce21ae196e..609bdaa89d5 100644 --- a/usr.sbin/nginx/src/core/nginx.h +++ b/usr.sbin/nginx/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1004003 -#define NGINX_VERSION "1.4.3" +#define nginx_version 1004004 +#define NGINX_VERSION "1.4.4" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/usr.sbin/nginx/src/http/ngx_http_parse.c b/usr.sbin/nginx/src/http/ngx_http_parse.c index 3c168aaf25b..f8d5910ddef 100644 --- a/usr.sbin/nginx/src/http/ngx_http_parse.c +++ b/usr.sbin/nginx/src/http/ngx_http_parse.c @@ -614,6 +614,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) default: r->space_in_uri = 1; state = sw_check_uri; + p--; break; } break; 
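Review bot: The added `p--;` in the `default:` branch before `state = sw_check_uri;` carries no comment, and a bare pointer rewind in a security fix is the kind of line a later cleanup removes as a no-op. Presumably the enclosing loop advances `p` on each pass, so the decrement makes the byte after the unescaped space be parsed again in the new state instead of being accepted unchecked; the loop is not visible here, since `ngx_http_parse_request_line` starts and ends outside the hunk. I would put a comment above it such as `/* re-scan this byte in the new state so it gets the normal URI checks (CVE-2013-4547) */`. The same applies to the second hunk at `@@ -667,6 +668,7 @@`, where the branch switches to `sw_uri`. Requests with an unescaped space are still accepted (`r->space_in_uri = 1`), so a regression test is worth adding for a request line whose character after the space would be rejected or specially handled in those states.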
@@ -667,6 +668,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b) default: r->space_in_uri = 1; state = sw_uri; + p--; break; } break; |