[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

Launchpad Bug Tracker 1538165 at bugs.launchpad.net
Tue Jan 26 22:07:03 UTC 2016


This bug was fixed in the package nginx - 1.9.10-0ubuntu1

---------------
nginx (1.9.10-0ubuntu1) xenial; urgency=medium

  * New upstream release.
  * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch
  * Security content of this upload addresses the following vulnerabilities
    and CVE-numbered Security issues: (LP: #1538165)
    - Invalid pointer dereference might occur during DNS server response
      processing, allowing an attacker who is able to forge UDP
      packets from the DNS server to cause worker process crash
      (CVE-2016-0742).
    - Use-after-free condition might occur during CNAME response
      processing. This problem allows an attacker who is able to trigger
      name resolution to cause worker process crash, or might
      have potential other impact (CVE-2016-0746).
    - CNAME resolution was insufficiently limited, allowing an attacker who
      is able to trigger arbitrary name resolution to cause excessive resource
      consumption in worker processes (CVE-2016-0747).

 -- Thomas Ward <teward at ubuntu.com>  Tue, 26 Jan 2016 14:53:01 -0500

** Changed in: nginx (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1538165

Title:
  Security Issues Impacting NGINX: 1.8.x, 1.9.x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1538165/+subscriptions


