diff --git a/SOURCES/nginx-1.10.2-CVE-2017-7529.patch b/SOURCES/nginx-1.10.2-CVE-2017-7529.patch
new file mode 100644
index 0000000..c8eb24f
--- /dev/null
+++ b/SOURCES/nginx-1.10.2-CVE-2017-7529.patch
@@ -0,0 +1,14 @@
+diffsrc/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
+--- src/http/modules/ngx_http_range_filter_module.c
++++ src/http/modules/ngx_http_range_filter_module.c
+@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t
+ range->start = start;
+ range->end = end;
+
++ if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
++ return NGX_HTTP_RANGE_NOT_SATISFIABLE;
++ }
++
+ size += end - start;
+
+ if (ranges-- == 0) {
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
index 0e18b32..e175395 100644
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@@ -39,7 +39,7 @@ Name: %{?scl:%scl_prefix}nginx
 Epoch: 1
 Version: 1.10.2
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: A high performance web server and reverse proxy server
 Group: System Environment/Daemons
@@ -67,6 +67,7 @@ Source200: README.dynamic
 # removes -Werror in upstream build scripts. -Werror conflicts with
 # -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
 Patch0: nginx-auto-cc-gcc.patch
+Patch1: nginx-1.10.2-CVE-2017-7529.patch
 BuildRequires: gd-devel
 %if 0%{?with_gperftools}
@@ -168,6 +169,7 @@ Requires: %{?scl:%scl_prefix}nginx
 %prep
 %setup -q -n nginx-%{version}
 %patch0 -p0
+%patch1 -p0 -b .CVE-2017-7529
 cp %{SOURCE200} .
 %build
@@ -595,6 +597,10 @@ fi
 %{_libdir}/nginx/modules/ngx_stream_module.so
 %changelog
+* Tue Aug 22 2017 Luboš Uhliarik - 1:1.10.2-8
+- Resolves: CVE-2017-7529 rh-nginx110-nginx: nginx: Integer overflow
+ in nginx range filter module leading to memory disclosure
+
 * Thu Mar 23 2017 Joe Orton - 1:1.10.2-7
 - filter auto-provides from module subpackages (#1434349)
 - drop perl vendorarch directory ownership (#1434333)
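Review bot: The new patch file starts directly at its diff header and records no origin, so nothing in the package ties the four added lines in ngx_http_range_parse to the upstream fix they are meant to backport; the `Patch1:` line in nginx.spec likewise has no comment, unlike `Patch0` just above it. I would add a short header to the patch and a matching spec comment such as `# CVE-2017-7529: reject Range sets whose summed length would exceed NGX_MAX_OFF_T_VALUE (origin: <upstream commit URL>)`. The guard `size > NGX_MAX_OFF_T_VALUE - (end - start)` is only overflow-safe when `end - start` is non-negative, which is presumably established earlier in the function. The hunk shows only part of ngx_http_range_parse, so that should be confirmed against the 1.10.2 source the patch applies to.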