[nginx-announce] security advisory

[nginx-announce] security advisory Hello! Matthew Daley discovered a security problem in the ngx_http_mp4_module, CVE-2012-2089. A specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module is used, potentially resulting in arbitrary code execution. The problem affects nginx 1.1.3+, 1.0.7+ built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in a configuration file. The problem is fixed in 1.1.19, 1.0.15. Patch for the problem can be found here: http://nginx.org/download/patch.2012.mp4.txt Maxim Dounin _______________________________________________ nginx-announce mailing list nginx-announce@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-announcehttp://forum.nginx.org/read.php?27,225232,225232#msg-225232Tue, 21 May 2013 16:17:49 -0400 Phorum 5.2.16 http://forum.nginx.org/read.php?27,225232,225232#msg-225232 [nginx-announce] security advisoryhttp://forum.nginx.org/read.php?27,225232,225232#msg-225232
Matthew Daley discovered a security problem in the
ngx_http_mp4_module, CVE-2012-2089.

A specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module is
used, potentially resulting in arbitrary code execution.

The problem affects nginx 1.1.3+, 1.0.7+ built with the
ngx_http_mp4_module (the module is not built by default) and
the "mp4" directive is used in a configuration file.

The problem is fixed in 1.1.19, 1.0.15.

Patch for the problem can be found here:

http://nginx.org/download/patch.2012.mp4.txt

Maxim Dounin

_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce]]> Maxim Dounin Nginx Announcements - EnglishThu, 12 Apr 2012 09:30:00 -0400