Updated: May 29th, 2013
Note: This issue has been addressed with the May 29th, 2013 stack upgrades.
Risk Assessment: Low – when not using proxy_pass to untrusted upstream HTTP servers
Vulnerable versions: nginx 1.1.4 - 1.2.8 and 1.3.0 - 1.4.0, if proxy_pass to untrusted upstream HTTP servers is used.
A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxy_pass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or disclosure of worker process memory when a worker handles a specially crafted response from an upstream proxied server. The problem affects nginx 1.1.4 - 1.2.8 and 1.3.0 - 1.4.0. It is already fixed in nginx 1.5.0 and 1.4.1. Version 1.2.9 was released to address the issue in the 1.2.x legacy branch.
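To check a host against the two conditions above (a version inside the affected ranges, and proxy_pass in use), the following is an added example and not code from Engine Yard or the nginx project. The function names, the sample configuration and its host names are constructed for illustration; whether an upstream is trusted remains a manual judgment.

```python
import re

# Affected ranges (inclusive) exactly as listed in the advisory.
AFFECTED = [((1, 1, 4), (1, 2, 8)), ((1, 3, 0), (1, 4, 0))]

# Constructed sample config; the upstream host names are placeholders.
SAMPLE_CONF = """
server {
    location /api/ {
        proxy_pass http://backend.example.internal:8080;
    }
    # proxy_pass http://old.example.internal;
    location /static/ { root /var/www; }
}
"""

def parse_version(banner):
    """Pull (major, minor, patch) out of `nginx -v` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version found in %r" % banner)
    return tuple(int(part) for part in m.groups())

def version_affected(banner):
    """True if the version falls inside one of the advisory's ranges."""
    version = parse_version(banner)
    return any(low <= version <= high for low, high in AFFECTED)

def proxy_upstreams(config_text):
    """List proxy_pass targets, skipping commented-out directives."""
    targets = []
    for line in config_text.splitlines():
        active = line.split("#", 1)[0]  # simplification: '#' starts a comment
        targets += re.findall(r"\bproxy_pass\s+([^;\s]+)\s*;", active)
    return targets

def assess(banner, config_text):
    """Combine both conditions; trust in each upstream is a human decision."""
    if not version_affected(banner):
        return "version not in affected ranges"
    upstreams = proxy_upstreams(config_text)
    if not upstreams:
        return "affected version, no proxy_pass in use"
    return "affected version, review upstreams: " + ", ".join(upstreams)

if __name__ == "__main__":
    for banner in ("nginx version: nginx/1.2.8", "nginx version: nginx/1.4.1"):
        print(banner, "->", assess(banner, SAMPLE_CONF))
```

Feed `parse_version` the text that `nginx -v` prints (it goes to stderr) and `proxy_upstreams` the contents of each configuration file, including any files pulled in with `include`.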
Update to the latest cookbook by clicking Upgrade to get the May 29th, 2013 stack.
If you have any questions or concerns, please open a ticket here: https://support.cloud.engineyard.com/tickets/new