nginx: Arbitrary code execution A vulnerability has been found in nginx which may allow execution of arbitrary code. nginx June 22, 2014 June 22, 2014: 1 505018 remote 1.4.7 1.4.7

nginx is a robust, small, and high performance HTTP and reverse proxy server.

A bug in the SPDY implementation in nginx was found which might cause a heap memory buffer overflow in a worker process by using a specially crafted request. The SPDY implementation is not enabled in default configurations.

A remote attacker could cause execution of arbitrary code by using a specially crafted request.

Disable the spdy module in NGINX_MODULES_HTTP.

All nginx users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7" CVE-2014-0133 BlueKnight K_F