2016-05-31 17:06:53 |
Thomas Ward |
bug |
|
|
added bug |
2016-05-31 17:07:11 |
Thomas Ward |
description |
It was announced by NGINX on May 31, 2016 that there is a security update for NGINX.
------
(http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)
A problem was identified in nginx code responsible for saving
client request body to a temporary file. A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).
The problem affects nginx 1.3.9 - 1.11.0.
The problem is fixed in nginx 1.11.1, 1.10.1.
Patch for nginx 1.9.13 - 1.11.0 can be found here:
http://nginx.org/download/patch.2016.write.txt
Patch for older nginx versions (1.3.9 - 1.9.12):
http://nginx.org/download/patch.2016.write2.txt
------
Trusty, Vivid, Wily, Xenial, and Yakkety are affected. |
It was announced by NGINX on May 31, 2016 that there is a security update for NGINX.
------
(http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)
A problem was identified in nginx code responsible for saving
client request body to a temporary file. A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).
The problem affects nginx 1.3.9 - 1.11.0.
The problem is fixed in nginx 1.11.1, 1.10.1.
Patch for nginx 1.9.13 - 1.11.0 can be found here:
http://nginx.org/download/patch.2016.write.txt
Patch for older nginx versions (1.3.9 - 1.9.12):
http://nginx.org/download/patch.2016.write2.txt
------
Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the NGINX upstream reported 'affected versions'. |
|
2016-05-31 17:07:18 |
Thomas Ward |
nominated for series |
|
Ubuntu Yakkety |
|
2016-05-31 17:07:18 |
Thomas Ward |
bug task added |
|
nginx (Ubuntu Yakkety) |
|
2016-05-31 17:07:18 |
Thomas Ward |
nominated for series |
|
Ubuntu Vivid |
|
2016-05-31 17:07:18 |
Thomas Ward |
bug task added |
|
nginx (Ubuntu Vivid) |
|
2016-05-31 17:07:18 |
Thomas Ward |
nominated for series |
|
Ubuntu Trusty |
|
2016-05-31 17:07:18 |
Thomas Ward |
bug task added |
|
nginx (Ubuntu Trusty) |
|
2016-05-31 17:07:18 |
Thomas Ward |
nominated for series |
|
Ubuntu Xenial |
|
2016-05-31 17:07:18 |
Thomas Ward |
bug task added |
|
nginx (Ubuntu Xenial) |
|
2016-05-31 17:07:18 |
Thomas Ward |
nominated for series |
|
Ubuntu Wily |
|
2016-05-31 17:07:18 |
Thomas Ward |
bug task added |
|
nginx (Ubuntu Wily) |
|
2016-05-31 17:07:23 |
Thomas Ward |
nginx (Ubuntu Xenial): status |
New |
Confirmed |
|
2016-05-31 17:07:25 |
Thomas Ward |
nginx (Ubuntu Wily): status |
New |
Confirmed |
|
2016-05-31 17:07:29 |
Thomas Ward |
nginx (Ubuntu Vivid): status |
New |
Confirmed |
|
2016-05-31 17:07:31 |
Thomas Ward |
nginx (Ubuntu Trusty): status |
New |
Confirmed |
|
2016-05-31 17:07:36 |
Thomas Ward |
nginx (Ubuntu Yakkety): assignee |
|
Thomas Ward (teward) |
|
2016-05-31 17:07:52 |
Thomas Ward |
cve linked |
|
2016-4450 |
|
2016-05-31 17:08:04 |
Thomas Ward |
summary |
Security Advisory - May 31 2016 |
Security Advisory - May 31 2016 - CVE-2016-4450 |
|
2016-05-31 17:09:01 |
Thomas Ward |
description |
It was announced by NGINX on May 31, 2016 that there is a security update for NGINX.
------
(http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)
A problem was identified in nginx code responsible for saving
client request body to a temporary file. A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).
The problem affects nginx 1.3.9 - 1.11.0.
The problem is fixed in nginx 1.11.1, 1.10.1.
Patch for nginx 1.9.13 - 1.11.0 can be found here:
http://nginx.org/download/patch.2016.write.txt
Patch for older nginx versions (1.3.9 - 1.9.12):
http://nginx.org/download/patch.2016.write2.txt
------
Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the NGINX upstream reported 'affected versions'. |
It was announced by NGINX on May 31, 2016 that there is a security update for NGINX. Patches are available as below.
This is CVE-2016-4450.
------
(http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html)
A problem was identified in nginx code responsible for saving
client request body to a temporary file. A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).
The problem affects nginx 1.3.9 - 1.11.0.
The problem is fixed in nginx 1.11.1, 1.10.1.
Patch for nginx 1.9.13 - 1.11.0 can be found here:
http://nginx.org/download/patch.2016.write.txt
Patch for older nginx versions (1.3.9 - 1.9.12):
http://nginx.org/download/patch.2016.write2.txt
------
Trusty, Vivid, Wily, Xenial, and Yakkety are affected, based on the NGINX upstream reported 'affected versions'. |
|
2016-05-31 17:13:51 |
Thomas Ward |
nginx (Ubuntu Yakkety): status |
Confirmed |
In Progress |
|
2016-05-31 19:24:20 |
Thomas Ward |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960 |
|
2016-05-31 19:24:20 |
Thomas Ward |
bug task added |
|
nginx (Debian) |
|
2016-05-31 23:11:35 |
Thomas Ward |
summary |
Security Advisory - May 31 2016 - CVE-2016-4450 |
[CVE-2016-4450] NULL pointer dereference while writing client request body |
|
2016-05-31 23:37:39 |
Thomas Ward |
nginx (Ubuntu Yakkety): status |
In Progress |
Fix Committed |
|
2016-06-01 00:05:44 |
Thomas Ward |
attachment added |
|
CVE-2016-4450 debdiff for Xenial https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+attachment/4673895/+files/xenial_cve-2016-4450.debdiff |
|
2016-06-01 00:25:29 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2016-06-01 00:27:47 |
Thomas Ward |
attachment added |
|
CVE-2016-4450 debdiff for Wily https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+attachment/4673896/+files/wily_cve-2016-4450.debdiff |
|
2016-06-01 00:31:07 |
Thomas Ward |
nginx (Ubuntu Vivid): status |
Confirmed |
Won't Fix |
|
2016-06-01 00:34:46 |
Thomas Ward |
attachment added |
|
CVE-2016-4450 debdiff for Trusty https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587577/+attachment/4673898/+files/trusty_cve-2015-4450.debdiff |
|
2016-06-01 00:59:01 |
Bug Watch Updater |
nginx (Debian): status |
Unknown |
Fix Released |
|
2016-06-01 01:03:23 |
Launchpad Janitor |
nginx (Ubuntu Yakkety): status |
Fix Committed |
Fix Released |
|
2016-06-02 16:59:49 |
Launchpad Janitor |
nginx (Ubuntu Xenial): status |
Confirmed |
Fix Released |
|
2016-06-02 17:09:51 |
Launchpad Janitor |
nginx (Ubuntu Trusty): status |
Confirmed |
Fix Released |
|
2016-06-02 17:09:53 |
Launchpad Janitor |
nginx (Ubuntu Wily): status |
Confirmed |
Fix Released |
|