Test ID:	1.3.6.1.4.1.25623.1.0.72029
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2012:043 (nginx)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to nginx announced via advisory MDVSA-2012:043. A vulnerability has been found and corrected in nginx: Specially crafted backend response could result in sensitive information leak (CVE-2012-1180). The updated packages have been patched to correct this issue. Affected: 2010.1, 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:043 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1180 1026827 http://www.securitytracker.com/id?1026827 20120315 nginx fix for malformed HTTP responses from upstream servers http://seclists.org/bugtraq/2012/Mar/65 48465 http://secunia.com/advisories/48465 48577 http://secunia.com/advisories/48577 52578 http://www.securityfocus.com/bid/52578 80124 http://osvdb.org/80124 DSA-2434 http://www.debian.org/security/2012/dsa-2434 FEDORA-2012-3846 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html FEDORA-2012-3991 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html FEDORA-2012-4006 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html GLSA-201203-22 http://security.gentoo.org/glsa/glsa-201203-22.xml MDVSA-2012:043 http://www.mandriva.com/security/advisories?name=MDVSA-2012:043 [oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/5 [oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/9 http://nginx.org/download/patch.2012.memory.txt http://nginx.org/en/security_advisories.html http://trac.nginx.org/nginx/changeset/4530/nginx http://trac.nginx.org/nginx/changeset/4531/nginx https://bugzilla.redhat.com/show_bug.cgi?id=803856 nginx-ngxcpystrn-info-disclosure(74191) https://exchange.xforce.ibmcloud.com/vulnerabilities/74191 openSUSE-SU-2012:0469 https://hermes.opensuse.org/messages/14173096
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.