SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Server/CGI)  >   nginx Vendors:   nginx.org
(Red Hat Issues Fix) nginx Range Filter Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1039240
SecurityTracker URL:  http://securitytracker.com/id/1039240
CVE Reference:   CVE-2017-7529   (Links to External Site)
Date:  Aug 29 2017
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.5.6 - 1.13.2
Description:   A vulnerability was reported in nginx. A remote user can obtain potentially sensitive information on the target system.

A remote user can send a specially crafted request to trigger an integer overflow and incorrect range processing in the nginx range filter to obtain potentially sensitive information from the cache on the target system.

Impact:   A remote user can obtain potentially sensitive information on the target system.
Solution:   Red Hat has issued a fix for rh-nginx110-nginx.

The Red Hat advisory is available at:

https://access.redhat.com/errata/RHSA-2017:2538

Vendor URL:  access.redhat.com/errata/RHSA-2017:2538 (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  6, 6.7, 7, 7.3

Message History:   This archive entry is a follow-up to the message listed below.
Aug 29 2017 nginx Range Filter Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System



 Source Message Contents

Subject:  [RHSA-2017:2538-01] Low: rh-nginx110-nginx security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: rh-nginx110-nginx security update
Advisory ID:       RHSA-2017:2538-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2538
Issue date:        2017-08-28
CVE Names:         CVE-2017-7529 
=====================================================================

1. Summary:

An update for rh-nginx110-nginx is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and
low memory usage.

Security Fix(es):

* A flaw within the processing of ranged HTTP requests has been discovered
in the range filter module of nginx. A remote attacker could possibly
exploit this flaw to disclose parts of the cache file header, or, if used
in combination with third party modules, disclose potentially sensitive
memory by sending specially crafted HTTP requests. (CVE-2017-7529)

Red Hat would like to thank the Nginx project for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1468584 - CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-nginx110-nginx-1.10.2-8.el6.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-nginx110-nginx-1.10.2-8.el6.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-nginx110-nginx-1.10.2-8.el6.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el6.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nginx110-nginx-1.10.2-8.el7.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-nginx110-nginx-1.10.2-8.el7.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nginx110-nginx-1.10.2-8.el7.src.rpm

x86_64:
rh-nginx110-nginx-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-debuginfo-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-image-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-perl-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-mail-1.10.2-8.el7.x86_64.rpm
rh-nginx110-nginx-mod-stream-1.10.2-8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-7529
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZpJOQXlSAg2UNWIIRAmScAJ4wJSfq0I+2JBvww6c9AkJKZx4YAACdHwbT
Rf+yBkpEe91OHNNto3rboqM=
=rlDh
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC