group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1587577] Re: [CVE-2016-4450] NULL pointer dereference while writing client request body

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1587577@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Jun 2016 17:09:51 -0000
Reply-to: Bug 1587577 <1587577@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package nginx - 1.4.6-1ubuntu3.5

---------------
nginx (1.4.6-1ubuntu3.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <teward@xxxxxxxxxx>  Tue, 31 May 2016 20:23:03 -0400

** Changed in: nginx (Ubuntu Trusty)
       Status: Confirmed => Fix Released

** Changed in: nginx (Ubuntu Wily)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1587577

Title:
  [CVE-2016-4450] NULL pointer dereference while writing client request
  body

Status in nginx package in Ubuntu:
  Fix Released
Status in nginx source package in Trusty:
  Fix Released
Status in nginx source package in Vivid:
  Won't Fix
Status in nginx source package in Wily:
  Fix Released
Status in nginx source package in Xenial:
  Fix Released
Status in nginx source package in Yakkety:
  Fix Released
Status in nginx package in Debian:
  Fix Released

Bug description:
  It was announced by NGINX on May 31, 2016 that there is a security
  update for NGINX.  Patches are available as below.

  This is CVE-2016-4450.

  ------

  (http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)

  A problem was identified in nginx code responsible for saving
  client request body to a temporary file.  A specially crafted request
  might result in worker process crash due to a NULL pointer dereference
  while writing client request body to a temporary file (CVE-2016-4450).

  The problem affects nginx 1.3.9 - 1.11.0.

  The problem is fixed in nginx 1.11.1, 1.10.1.

  Patch for nginx 1.9.13 - 1.11.0 can be found here:

  http://nginx.org/download/patch.2016.write.txt

  Patch for older nginx versions (1.3.9 - 1.9.12):

  http://nginx.org/download/patch.2016.write2.txt

  ------

  Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the
  NGINX upstream reported 'affected versions'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+subscriptions