group.of.nepali.translators team mailing list archive
Message #04384
[Bug 1587577] Re: [CVE-2016-4450] NULL pointer dereference while writing client request body
This bug was fixed in the package nginx - 1.10.1-0ubuntu1
---------------
nginx (1.10.1-0ubuntu1) yakkety; urgency=medium

  * New upstream release (1.10.1) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10.
  * Update done to address the following security issues:
    - [CVE-2016-4450] NULL pointer dereference while writing client
      request body. (LP: #1587577)
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <teward@xxxxxxxxxx>  Tue, 31 May 2016 19:09:33 -0400

** Changed in: nginx (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1587577
Title:
  [CVE-2016-4450] NULL pointer dereference while writing client request
  body
Status in nginx package in Ubuntu:
  Fix Released
Status in nginx source package in Trusty:
  Confirmed
Status in nginx source package in Vivid:
  Won't Fix
Status in nginx source package in Wily:
  Confirmed
Status in nginx source package in Xenial:
  Confirmed
Status in nginx source package in Yakkety:
  Fix Released
Status in nginx package in Debian:
  Fix Released
Bug description:
It was announced by NGINX on May 31, 2016 that there is a security
update for NGINX. Patches are available as below.
This is CVE-2016-4450.
------
(http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)
A problem was identified in nginx code responsible for saving
client request body to a temporary file. A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).
The problem affects nginx 1.3.9 - 1.11.0.
The problem is fixed in nginx 1.11.1, 1.10.1.
Patch for nginx 1.9.13 - 1.11.0 can be found here:
http://nginx.org/download/patch.2016.write.txt
Patch for older nginx versions (1.3.9 - 1.9.12):
http://nginx.org/download/patch.2016.write2.txt
------
Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the
NGINX upstream reported 'affected versions'.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+subscriptions