A stack-based buffer overflow flaw was found in the way Nginx, a high performance web server and reverse proxy server for HTTP, SMTP, POP3, and IMAP protocols, performed processing of certain chunked transfer encoding HTTP requests. A remote attacker could provide an HTTP request with specially-crafted size or length values of the chunked packet that, when processed, would lead to nginx daemon / service crash.

References:
[1] http://www.openwall.com/lists/oss-security/2013/05/07/3

Relevant upstream patch:
[2] http://nginx.org/download/patch.2013.chunked.txt
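A chunk-size parser can reject crafted size values before they reach any fixed-size buffer; the sketch below is an added example, not nginx code and not the upstream patch. The function names and the `MAX_CHUNK_SIZE` limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed policy limit for a single chunk; not taken from nginx. */
#define MAX_CHUNK_SIZE ((int64_t)1 << 30)

/* Hypothetical helper: parse the hex size field that starts a chunk header
 * line ("1a\r\n" or "1a;ext=1\r\n"). Returns 0 and stores the size on
 * success, -1 on malformed, unterminated or oversized input. */
int parse_chunk_size(const char *line, size_t len, int64_t *out)
{
    int64_t size = 0;
    size_t i = 0;

    for (; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        int digit;

        if (c >= '0' && c <= '9')      digit = c - '0';
        else if (c >= 'a' && c <= 'f') digit = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') digit = c - 'A' + 10;
        else break;                    /* end of the hex digits */

        /* Check before multiplying, so the signed value can never wrap
         * around to a negative number or pass the limit. */
        if (size > (MAX_CHUNK_SIZE - digit) / 16)
            return -1;
        size = size * 16 + digit;
    }
    if (i == 0)
        return -1;                     /* no digits at all */
    if (i == len || (line[i] != '\r' && line[i] != ';'))
        return -1;                     /* unterminated or junk after size */

    *out = size;
    return 0;
}

/* Hypothetical helper: number of bytes that may be read into a fixed buffer
 * for the current chunk. The result never exceeds the buffer size, whatever
 * the declared chunk size says, and is 0 for a non-positive remainder. */
size_t bounded_read_len(int64_t remaining, size_t bufsize)
{
    if (remaining <= 0)
        return 0;
    return ((uint64_t)remaining < bufsize) ? (size_t)remaining : bufsize;
}
```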
This issue did NOT affect the versions of the nginx package, as shipped with Fedora release of 17, 18, Fedora EPEL-5, and Fedora EPEL-6 (as they did not contain support for HTTP chunked transfer encoding yet).
Created nginx tracking bugs for this issue

Affects: fedora-rawhide [bug 960606]