[Pkg-nginx-maintainers] Bug#1024605: nginx: NULL deref in HTTP SSI module cause worker crash SEGV
Ciel Zhao
debian at ciel.dev
Tue Nov 22 02:33:08 GMT 2022
Package: nginx
Version: 1.22.1-1
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: debian at ciel.dev
When a subrequest has SSI enabled but its main request does not, the SSI module
may crash the worker due to NULL-pointer dereference.
This bug has been reported since 2017 to NGINX, and a patch is just accepted by
the upstream.
See:
Patch: https://hg.nginx.org/nginx/rev/49e7db44b57c
Issue Trac: https://trac.nginx.org/nginx/ticket/1263
Maillist: https://mailman.nginx.org/archives/list/nginx-devel@nginx.org/thread/E2HSRDHFSDWXVJ464B2GQD7PEDQ5AVMI/
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.64-1-pve (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages nginx depends on:
ii nginx-core 1.22.1-1
nginx recommends no packages.
nginx suggests no packages.
-- no debconf information
More information about the Pkg-nginx-maintainers
mailing list