CVE-2017-7529

Priority
Description
Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an
integer overflow in the nginx range filter module, resulting in a leak of
potentially sensitive information when triggered by a specially crafted
request.
Notes
sbeattie: from the nginx announcement, the following configuration can
be used as a temporary workaround:
    max_ranges 1;
Package
Source: nginx (LP Ubuntu Debian)
Upstream: released (1.12.1, 1.13.3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (1.4.6-1ubuntu3.8)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.10.3-0ubuntu0.16.04.2)
Patches:
Upstream: http://nginx.org/download/patch.2017.ranges.txt
Upstream: https://trac.nginx.org/nginx/changeset?old=7058&old_path=nginx%2Fsrc&new=1adc6b0d5eaa3bddd6bb1ef7b78b9511d536f14e&new_path=nginx%2Fsrc

Updated: 2020-01-29 19:59:49 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)