group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1587577] Re: [CVE-2016-4450] NULL pointer dereference while writing client request body

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1587577@xxxxxxxxxxxxxxxxxx>
Date: Wed, 01 Jun 2016 01:03:23 -0000
Reply-to: Bug 1587577 <1587577@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package nginx - 1.10.1-0ubuntu1

---------------
nginx (1.10.1-0ubuntu1) yakkety; urgency=medium

  * New upstream release (1.10.1) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10.
  * Update done to address the following security issues:
    - [CVE-2016-4450] NULL pointer dereference while writing client
      request body. (LP: #1587577)
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <teward@xxxxxxxxxx>  Tue, 31 May 2016 19:09:33 -0400

** Changed in: nginx (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1587577

Title:
  [CVE-2016-4450] NULL pointer dereference while writing client request
  body

Status in nginx package in Ubuntu:
  Fix Released
Status in nginx source package in Trusty:
  Confirmed
Status in nginx source package in Vivid:
  Won't Fix
Status in nginx source package in Wily:
  Confirmed
Status in nginx source package in Xenial:
  Confirmed
Status in nginx source package in Yakkety:
  Fix Released
Status in nginx package in Debian:
  Fix Released

Bug description:
  It was announced by NGINX on May 31, 2016 that there is a security
  update for NGINX.  Patches are available as below.

  This is CVE-2016-4450.

  ------

  (http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)

  A problem was identified in nginx code responsible for saving
  client request body to a temporary file.  A specially crafted request
  might result in worker process crash due to a NULL pointer dereference
  while writing client request body to a temporary file (CVE-2016-4450).

  The problem affects nginx 1.3.9 - 1.11.0.

  The problem is fixed in nginx 1.11.1, 1.10.1.

  Patch for nginx 1.9.13 - 1.11.0 can be found here:

  http://nginx.org/download/patch.2016.write.txt

  Patch for older nginx versions (1.3.9 - 1.9.12):

  http://nginx.org/download/patch.2016.write2.txt

  ------

  Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the
  NGINX upstream reported 'affected versions'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+subscriptions