CVE-2017-7529

Priority
Medium
Description
Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an
integer overflow in the nginx range filter module, which results in a
leak of potentially sensitive information when triggered by a specially
crafted request.
References
Bugs
Notes
 sbeattie> from the nginx announcement, the following configuration can
  be used as a temporary workaround:
  max_ranges 1;
Package
Source: nginx (LP Ubuntu Debian)
Upstream: released (1.12.1, 1.13.3)
Ubuntu 17.10 (Artful Aardvark): not-affected (1.12.1-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (1.4.6-1ubuntu3.8)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.10.3-0ubuntu0.16.04.2)
Ubuntu 16.10 (Yakkety Yak): released (1.10.1-0ubuntu1.3)
Ubuntu 17.04 (Zesty Zapus): released (1.10.3-1ubuntu3.1)
Patches:
Upstream: http://nginx.org/download/patch.2017.ranges.txt
Upstream: https://trac.nginx.org/nginx/changeset?old=7058&old_path=nginx%2Fsrc&new=1adc6b0d5eaa3bddd6bb1ef7b78b9511d536f14e&new_path=nginx%2Fsrc
More Information

Updated: 2017-07-19 21:14:40 UTC (commit 12922)