A similar security issue to CVE-2013-2028 was identified [1] for versions of nginx if proxy_pass to untrusted upstream HTTP servers are used, which could lead to a denial of service or a disclosure of a worker process' memory. The problem affects nginx 1.1.4 - 1.2.8, 1.3.0 - 1.4.0 and was assigned the name CVE-2013-2070, so only Fedora 18 is affected. http://nginx.org/download/patch.2013.proxy.txt [1] http://www.openwall.com/lists/oss-security/2013/05/13/3
Created nginx tracking bugs for this issue Affects: fedora-18 [bug 962526]
nginx-announce ML post: http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html
nginx-1.2.9-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.