A flaw was reported [1] in nginx versions prior to 1.0.14 and 1.1.17 where contents of previously freed memory could be sent to a client if an upstream server returned a specially crafted HTTP response. This could potentially leak sensitive information to the HTTP client. This has been corrected upstream [2],[3] and a patch [4] is available for earlier versions of nginx. [1] http://seclists.org/bugtraq/2012/Mar/65 [2] http://trac.nginx.org/nginx/changeset/4530/nginx [3] http://trac.nginx.org/nginx/changeset/4531/nginx [4] http://nginx.org/download/patch.2012.memory.txt
Created nginx tracking bugs for this issue Affects: fedora-all [bug 803858] Affects: epel-all [bug 803859]
nginx-1.0.14-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
nginx-1.0.14-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
nginx-0.8.55-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
nginx-1.0.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
nginx-1.0.14-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.