13 Apr 2012
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in nginx, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the ngx_http_mp4_module module when parsing certain atoms and can be exploited to cause a buffer overflow via a specially crafted MP4 file placed on the server.
Successful exploitation may allow execution of arbitrary code but requires that ngx_http_mp4_module module is enabled and the "mp4" directive is configured.
The vulnerability is reported in versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14.
Update to version 1.1.19 or 1.0.15.
The vendor credits Matthew Daley.