nginx deny all doesn't support ipv6
Bug #929334 reported by
kolya
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Ubuntu) |
Fix Released
|
Undecided
|
Michael Lustfield | ||
Lucid |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Hi.
When stock nginx is reconfigured to use ipv6 connection all rules that say 'deny all' suddenly become useless.
This is very confusing and happens on LTS server.
I think this is a serious security problem because nobody really expects those rules to stop working once nginx gets ipv6 socket. The fix is available from upstream.
Please let me know if any additional information is required.
Thanks.
Changed in nginx (Ubuntu): | |
status: | Invalid → Fix Released |
Changed in nginx (Ubuntu Lucid): | |
assignee: | nobody → Thomas Ward (trekcaptainusa-tw) |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res