Lexa Software: Nginx-ru@sysoev.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: nginx-ru

Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2010-5298

To: nginx-ru@xxxxxxxxx
Subject: Re: CVE-2010-5298
From: Валентин Бартенев <vbart@xxxxxxxxx>
Date: Wed, 30 Apr 2014 14:05:11 +0400
In-reply-to: <5360BFDD.5040309@citrin.ru>
Organization: Nginx, Inc.
References: <5360BFDD.5040309@citrin.ru>

On Wednesday 30 April 2014 13:18:21 Anton Yuzhaninov wrote:
> Подвержен ли nginx этой уязвимости в openssl:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
> ?
> 
> grep по исходникам показывает наличие
> SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS);
> 

Если верить описанию "in a multithreaded environment",
а nginx к таковым не относится.

--
Валентин Бартенев
_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Follow-Ups:
- Re: CVE-2010-5298
  - From: Anton Yuzhaninov

References:
- CVE-2010-5298
  - From: Anton Yuzhaninov

Prev by Date: CVE-2010-5298
Next by Date: X-Accel-Redirect & невозможно вырезать Set-Cookie
Previous by thread: CVE-2010-5298
Next by thread: Re: CVE-2010-5298
Index(es):
- Date
- Thread