Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:043 (nginx)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72029

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:043 (nginx)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to nginx
announced via advisory MDVSA-2012:043.

A vulnerability has been found and corrected in nginx:

Specially crafted backend response could result in sensitive
information leak (CVE-2012-1180).

The updated packages have been patched to correct this issue.

Affected: 2010.1, 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:043

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1180
1026827
http://www.securitytracker.com/id?1026827
20120315 nginx fix for malformed HTTP responses from upstream servers
http://seclists.org/bugtraq/2012/Mar/65
48465
http://secunia.com/advisories/48465
48577
http://secunia.com/advisories/48577
52578
http://www.securityfocus.com/bid/52578
80124
http://osvdb.org/80124
DSA-2434
http://www.debian.org/security/2012/dsa-2434
FEDORA-2012-3846
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html
FEDORA-2012-3991
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html
FEDORA-2012-4006
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html
GLSA-201203-22
http://security.gentoo.org/glsa/glsa-201203-22.xml
MDVSA-2012:043
http://www.mandriva.com/security/advisories?name=MDVSA-2012:043
[oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers
http://www.openwall.com/lists/oss-security/2012/03/15/5
[oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers
http://www.openwall.com/lists/oss-security/2012/03/15/9
http://nginx.org/download/patch.2012.memory.txt
http://nginx.org/en/security_advisories.html
http://trac.nginx.org/nginx/changeset/4530/nginx
http://trac.nginx.org/nginx/changeset/4531/nginx
https://bugzilla.redhat.com/show_bug.cgi?id=803856
nginx-ngxcpystrn-info-disclosure(74191)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74191
openSUSE-SU-2012:0469
https://hermes.opensuse.org/messages/14173096

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72029
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:043 (nginx)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to nginx announced via advisory MDVSA-2012:043. A vulnerability has been found and corrected in nginx: Specially crafted backend response could result in sensitive information leak (CVE-2012-1180). The updated packages have been patched to correct this issue. Affected: 2010.1, 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:043 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1180 1026827 http://www.securitytracker.com/id?1026827 20120315 nginx fix for malformed HTTP responses from upstream servers http://seclists.org/bugtraq/2012/Mar/65 48465 http://secunia.com/advisories/48465 48577 http://secunia.com/advisories/48577 52578 http://www.securityfocus.com/bid/52578 80124 http://osvdb.org/80124 DSA-2434 http://www.debian.org/security/2012/dsa-2434 FEDORA-2012-3846 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html FEDORA-2012-3991 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html FEDORA-2012-4006 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html GLSA-201203-22 http://security.gentoo.org/glsa/glsa-201203-22.xml MDVSA-2012:043 http://www.mandriva.com/security/advisories?name=MDVSA-2012:043 [oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/5 [oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/9 http://nginx.org/download/patch.2012.memory.txt http://nginx.org/en/security_advisories.html http://trac.nginx.org/nginx/changeset/4530/nginx http://trac.nginx.org/nginx/changeset/4531/nginx https://bugzilla.redhat.com/show_bug.cgi?id=803856 nginx-ngxcpystrn-info-disclosure(74191) https://exchange.xforce.ibmcloud.com/vulnerabilities/74191 openSUSE-SU-2012:0469 https://hermes.opensuse.org/messages/14173096
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com