openSUSE-SU-2013:1015-1: moderate: version update for nginx
openSUSE Security Update: version update for nginx

Announcement ID: openSUSE-SU-2013:1015-1
Rating: moderate
References: #821184
Cross-References: CVE-2013-2070
Affected Products:
openSUSE 12.3

An update that fixes one vulnerability is now available.


This version update for nginx to 1.2.9 includes a security
fix and several bugfixes and feature enhancements.

  *) Security: contents of worker process memory might be
     sent to a client if HTTP backend returned specially
     crafted response (CVE-2013-2070); the bug had appeared
     in 1.1.4.

- changes with 1.2.8:
  *) Bugfix: new sessions were not always stored if the
     "ssl_session_cache shared" directive was used and there
     was no free space in shared memory.
  *) Bugfix: responses might hang if subrequests were used
     and a DNS error happened during subrequest processing.
  *) Bugfix: in the ngx_http_mp4_module.
  *) Bugfix: in backend usage accounting.

- changes with nginx 1.2.7
  *) Change: now if the "include" directive with mask is
     used on Unix systems, included files are sorted in
     alphabetical order.
  *) Change: the "add_header" directive adds headers to 201
  *) Feature: the "geo" directive now supports IPv6
     addresses in CIDR notation.
  *) Feature: the "flush" and "gzip" parameters of the
     "access_log" directive.
  *) Feature: variables support in the "auth_basic"
  *) Feature: the $pipe, $request_length, $time_iso8601,
     and $time_local variables can now be used not only in
     the "log_format" directive.
  *) Feature: IPv6 support in the ngx_http_geoip_module.
  *) Bugfix: nginx could not be built with the
     ngx_http_perl_module in some cases.
  *) Bugfix: a segmentation fault might occur in a worker
     process if the ngx_http_xslt_module was used.
  *) Bugfix: nginx could not be built on MacOSX in some
  *) Bugfix: the "limit_rate" directive with high rates
     might result in truncated responses on 32-bit platforms.
  *) Bugfix: a segmentation fault might occur in a worker
     process if the "if" directive was used.
  *) Bugfix: a "100 Continue" response was issued with "413
     Request Entity Too Large" responses.
  *) Bugfix: the "image_filter",
     "image_filter_jpeg_quality" and "image_filter_sharpen"
     directives might be inherited incorrectly.
  *) Bugfix: "crypt_r() failed" errors might appear if the
     "auth_basic" directive was used on Linux.
  *) Bugfix: in backup servers handling.
  *) Bugfix: proxied HEAD requests might return incorrect
     response if the "gzip" directive was used.
  *) Bugfix: a segmentation fault occurred on start or
     during reconfiguration if the "keepalive" directive was
     specified more than once in a single upstream block.
  *) Bugfix: in the "proxy_method" directive.
  *) Bugfix: a segmentation fault might occur in a worker
     process if resolver was used with the poll method.
  *) Bugfix: nginx might hog CPU during SSL handshake with
     a backend if the select, poll, or /dev/poll methods were
  *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error.
  *) Bugfix: in the "fastcgi_keep_conn" directive.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-484

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.3 (i586 x86_64):


