Nginx 1.12.1 & 1.13.3 (SecurityFix)

Erulezz · Jul 12, 2017

2017-07-11
nginx-1.12.1 stable and nginx-1.13.3 mainline versions have been released with a fix for the integer overflow in the range filter vulnerability (CVE-2017-7529).

Changes with nginx 1.13.3 11 Jul 2017

*) Security: a specially crafted request might result in an integer
overflow and incorrect processing of ranges in the range filter,
potentially resulting in sensitive information leak (CVE-2017-7529).

https://nginx.org/en/download.html

NocRoom · Sep 15, 2017

im getting a lot of "bad gateway" on this build

Erulezz · Sep 16, 2017

The stable or mainline version?

vlijmenlive · Sep 17, 2017

NocRoom said:
im getting a lot of "bad gateway" on this build

Do you have the "use_hostname_for_alias" set to yes? I had the same so for the moment I have set it to no and that solved it.

NocRoom · Sep 19, 2017

vlijmenlive said:
Do you have the "use_hostname_for_alias" set to yes? I had the same so for the moment I have set it to no and that solved it.

not sure, where do i do this setting ?

Erulezz · Sep 22, 2017

NocRoom said:
not sure, where do i do this setting ?

In options.conf from CustomBuild

Nginx 1.12.1 & 1.13.3 (SecurityFix)

Erulezz

Verified User

NocRoom

Verified User

Erulezz

Verified User

vlijmenlive

Verified User

NocRoom

Verified User

Erulezz

Verified User