* New upstream release.
* debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch
* Security content of this upload addresses the following vulnerabilities
and CVE-numbered Security issues: (LP: #1538165)
- Invalid pointer dereference might occur during DNS server response
processing, allowing an attacker who is able to forge UDP
packets from the DNS server to cause worker process crash
(CVE-2016-0742).
- Use-after-free condition might occur during CNAME response
processing. This problem allows an attacker who is able to trigger
name resolution to cause worker process crash, or might
have potential other impact (CVE-2016-0746).
- CNAME resolution was insufficiently limited, allowing an attacker who
is able to trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
-- Thomas Ward <email address hidden> Tue, 26 Jan 2016 14:53:01 -0500
This bug was fixed in the package nginx - 1.9.10-0ubuntu1
---------------
nginx (1.9.10-0ubuntu1) xenial; urgency=medium
* New upstream release.
* debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch
* Security content of this upload addresses the following vulnerabilities
and CVE-numbered Security issues: (LP: #1538165)
- Invalid pointer dereference might occur during DNS server response
processing, allowing an attacker who is able to forge UDP
packets from the DNS server to cause worker process crash
(CVE-2016-0742).
- Use-after-free condition might occur during CNAME response
processing. This problem allows an attacker who is able to trigger
name resolution to cause worker process crash, or might
have potential other impact (CVE-2016-0746).
- CNAME resolution was insufficiently limited, allowing an attacker who
is able to trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
-- Thomas Ward <email address hidden> Tue, 26 Jan 2016 14:53:01 -0500