← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1587577] Re: Security Advisory - May 31 2016 - CVE-2016-4450

 

** Bug watch added: Debian Bug tracker #825960
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960

** Also affects: nginx (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1587577

Title:
  Security Advisory - May 31 2016 - CVE-2016-4450

Status in nginx package in Ubuntu:
  In Progress
Status in nginx source package in Trusty:
  Confirmed
Status in nginx source package in Vivid:
  Confirmed
Status in nginx source package in Wily:
  Confirmed
Status in nginx source package in Xenial:
  Confirmed
Status in nginx source package in Yakkety:
  In Progress
Status in nginx package in Debian:
  Unknown

Bug description:
  It was announced by NGINX on May 31, 2016 that there is a security
  update for NGINX.  Patches are available as below.

  This is CVE-2016-4450.

  ------

  (http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)

  A problem was identified in nginx code responsible for saving
  client request body to a temporary file.  A specially crafted request
  might result in worker process crash due to a NULL pointer dereference
  while writing client request body to a temporary file (CVE-2016-4450).

  The problem affects nginx 1.3.9 - 1.11.0.

  The problem is fixed in nginx 1.11.1, 1.10.1.

  Patch for nginx 1.9.13 - 1.11.0 can be found here:

  http://nginx.org/download/patch.2016.write.txt

  Patch for older nginx versions (1.3.9 - 1.9.12):

  http://nginx.org/download/patch.2016.write2.txt

  ------

  Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the
  NGINX upstream reported 'affected versions'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+subscriptions