Welcome! Log In Create A New Profile

Advanced

security advisory

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
April 12, 2012 09:30AM
Hello!

Matthew Daley discovered a security problem in the
ngx_http_mp4_module, CVE-2012-2089.

A specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module is
used, potentially resulting in arbitrary code execution.

The problem affects nginx 1.1.3+, 1.0.7+ built with the
ngx_http_mp4_module (the module is not built by default) and
the "mp4" directive is used in a configuration file.

The problem is fixed in 1.1.19, 1.0.15.

Patch for the problem can be found here:

http://nginx.org/download/patch.2012.mp4.txt

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
SubjectAuthorPosted

security advisory

Maxim DouninApril 12, 2012 09:30AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 68
Record Number of Users: 3 on May 21, 2013
Record Number of Guests: 105 on May 21, 2013
Powered by nginx    Powered by FreeBSD    PHP Powered    Powered by Percona     ipv6 ready