[ALAS-2012-63] Amazon Linux - ALAS-2012-63: medium priority package update for nginx
Severity
Medium
Affected Packages
4
CVEs
1
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2012-1180:
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
803856:
CVE-2012-1180 nginx: malformed HTTP response headers leads to information leak
| Package | Affected Version |
|---|---|
 pkg:rpm/amazonlinux/nginx?arch=x86_64&distro=amazonlinux-1
|
< 1.0.14-1.8.amzn1 |
|
pkg:rpm/amazonlinux/nginx?arch=i686&distro=amazonlinux-1
|
< 1.0.14-1.8.amzn1 |
|
pkg:rpm/amazonlinux/nginx-debuginfo?arch=x86_64&distro=amazonlinux-1
|
< 1.0.14-1.8.amzn1 |
|
pkg:rpm/amazonlinux/nginx-debuginfo?arch=i686&distro=amazonlinux-1
|
< 1.0.14-1.8.amzn1 |
- ID
- ALAS-2012-63
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2012-63.html
- Published
-
2012-04-05T12:50:00
(12 years ago) - Modified
-
2014-09-14T15:58:00
(10 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
FEDORA-2012-3846
GLSA-201203-22
NGINX:CVE-2012-1180| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2012-1180 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/nginx?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
nginx
|
< 1.0.14-1.8.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/nginx?arch=i686&distro=amazonlinux-1 | amazonlinux |
nginx
|
< 1.0.14-1.8.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/nginx-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
nginx-debuginfo
|
< 1.0.14-1.8.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/nginx-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
nginx-debuginfo
|
< 1.0.14-1.8.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |