group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1587577] Re: [CVE-2016-4450] NULL pointer dereference while writing client request body

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Thomas Ward <teward@xxxxxxxxxxx>
Date: Wed, 01 Jun 2016 00:31:07 -0000
Reply-to: Bug 1587577 <1587577@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Vivid is End of Life; it was added to the bug as a result of myself
clicking all the affected series... oopsies!  Marking Won't Fix, because
EOL.

** Changed in: nginx (Ubuntu Vivid)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1587577

Title:
  [CVE-2016-4450] NULL pointer dereference while writing client request
  body

Status in nginx package in Ubuntu:
  Fix Committed
Status in nginx source package in Trusty:
  Confirmed
Status in nginx source package in Vivid:
  Won't Fix
Status in nginx source package in Wily:
  Confirmed
Status in nginx source package in Xenial:
  Confirmed
Status in nginx source package in Yakkety:
  Fix Committed
Status in nginx package in Debian:
  Unknown

Bug description:
  It was announced by NGINX on May 31, 2016 that there is a security
  update for NGINX.  Patches are available as below.

  This is CVE-2016-4450.

  ------

  (http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)

  A problem was identified in nginx code responsible for saving
  client request body to a temporary file.  A specially crafted request
  might result in worker process crash due to a NULL pointer dereference
  while writing client request body to a temporary file (CVE-2016-4450).

  The problem affects nginx 1.3.9 - 1.11.0.

  The problem is fixed in nginx 1.11.1, 1.10.1.

  Patch for nginx 1.9.13 - 1.11.0 can be found here:

  http://nginx.org/download/patch.2016.write.txt

  Patch for older nginx versions (1.3.9 - 1.9.12):

  http://nginx.org/download/patch.2016.write2.txt

  ------

  Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the
  NGINX upstream reported 'affected versions'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+subscriptions