Security update for nginx SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0813-1 Final 1 1 2018-03-26T10:15:33Z current 2018-03-26T10:15:33Z 2018-03-26T10:15:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nginx This update for nginx to version 1.13.9 fixes the following issues: - CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure (bsc#1048265) This update also contains all updates and improvements in 1.13.9 upstream release. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2018-310 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1048265 SUSE Bug 1048265 https://bugzilla.suse.com/1057831 SUSE Bug 1057831 https://bugzilla.suse.com/1059685 SUSE Bug 1059685 https://www.suse.com/security/cve/CVE-2017-7529/ SUSE CVE CVE-2017-7529 page SUSE Package Hub 12 nginx-1.13.9-12.1 vim-plugin-nginx-1.13.9-12.1 nginx-1.13.9-12.1 as a component of SUSE Package Hub 12 vim-plugin-nginx-1.13.9-12.1 as a component of SUSE Package Hub 12 Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. CVE-2017-7529 SUSE Package Hub 12:nginx-1.13.9-12.1 SUSE Package Hub 12:vim-plugin-nginx-1.13.9-12.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7529.html CVE-2017-7529 https://bugzilla.suse.com/1048265 SUSE Bug 1048265