[security-announce] openSUSE-SU-2012:0237-1: important: VUL-0: nginx: heap overflow from opensuse-security_at_opensuse.org on 2012-02-09 (suse-security-announce)

From: <opensuse-security_at_opensuse.org>
Date: Thu, 9 Feb 2012 19:10:57 +0100 (CET)
Message-Id: <20120209181057.6A7F0320E0@maintenance.suse.de>

openSUSE Security Update: VUL-0: nginx: heap overflow
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0237-1
Rating: important
References: #731084
Cross-References: CVE-2011-4315
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   A flaw in the custom DNS resolver of nginx could lead to a
   heap based buffer overflow which could potentially allow
   attackers to execute arbitrary code or to cause a Denial of
   Service (bnc#731084, CVE-2011-4315).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch nginx-0.8-5467

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 11.4 (i586 x86_64):

nginx-0.8-0.8.53-4.9.1

References:

http://support.novell.com/security/cve/CVE-2011-4315.html
https://bugzilla.novell.com/731084

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe_at_opensuse.org
For additional commands, e-mail: opensuse-security-announce+help_at_opensuse.org

Received on Thu 09 Feb 2012 - 19:42:06 CET

This archive was generated by hypermail 2.2.0 : Wed 16 May 2012 - 21:13:59 CEST