[SECURITY] Fedora 17 Update: nginx-1.0.15-9.fc17
updates at fedoraproject.org
updates at fedoraproject.org
Mon Mar 4 22:43:19 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-2955
2013-02-24 07:40:25
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 17
Version : 1.0.15
Release : 9.fc17
URL : http://nginx.org/
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
Make sure nginx directories are not world readable
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 22 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.0.15-9
- make sure nginx directories are not world readable (#913734, #913735)
* Wed Dec 19 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.0.15-8
- use correct file ownership when rotating log files
* Tue Dec 18 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.0.15-7
- send correct kill signal and use correct file permissions when rotating
log files (#888225)
- send correct kill signal in nginx-upgrade
* Sun Oct 28 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.0.15-6
- incorrect bug number in changelog
* Sun Oct 28 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.0.15-5
- add nginx man page (#870738)
- add nginx-upgrade man page and remove README.fedora
- link to official documentation instead of the community wiki (#870733)
- do not run systemctl try-restart after package upgrade to allow the
administrator to run nginx-upgrade and avoid downtime
- default.conf: add "default_server" to the "listen" directive (#842738)
* Wed May 16 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.0.15-4
- add nginx-upgrade to replace functionality from the nginx initscript
that was lost after migration to systemd
- add README.fedora to describe usage of nginx-upgrade
- nginx.logrotate: use built-in systemd kill command in postrotate script
- nginx.service: start after syslog.target and network.target
- nginx.service: remove unnecessary references to config file location
- nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following
advice from nginx-devel
- nginx.service: use private /tmp
* Mon May 14 2012 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.0.15-3
- fix incorrect postrotate script in nginx.logrotate
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #913734 - CVE-2013-0337 nginx: world-readable log files
https://bugzilla.redhat.com/show_bug.cgi?id=913734
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update nginx' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list