GLSA: 201310-04 Release date: October 06, 2013 Severity: normal Exploitable: local, remote Affected Package Package: www-servers/nginx Affected versions: = 1.4.1-r2 Description Multiple vulnerabilities have been discovered in nginx. Please review the CVE Identifiers referenced below for details. Impact A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information. Workaround There is no known workaround at this time. Resolution All nginx users should upgrade to the latest version: References CVE-2013-0337 CVE-2013-2028 CVE-2013-2070