This bug was fixed in the package nginx - 1.9.3-1ubuntu1.1
--------------- nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium
* SECURITY UPDATE: multiple resolver security issues (LP: #1538165) - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault on DNS format error. - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler. - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for several requests. - debian/patches/CVE-2016-074x-4.patch: change the ngx_resolver_create_*_query() arguments. - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory accesses with CNAME. - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion. - CVE-2016-0742 - CVE-2016-0743 - CVE-2016-0744
-- Marc Deslauriers <email address hidden> Wed, 03 Feb 2016 08:38:22 -0500
This bug was fixed in the package nginx - 1.9.3-1ubuntu1.1
---------------
nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium
* SECURITY UPDATE: multiple resolver security issues (LP: #1538165) patches/ CVE-2016- 074x-1. patch: fix possible segmentation fault patches/ CVE-2016- 074x-2. patch: fix crashes in timeout handler. patches/ CVE-2016- 074x-3. patch: fixed CNAME processing for patches/ CVE-2016- 074x-4. patch: change the resolver_ create_ *_query( ) arguments. patches/ CVE-2016- 074x-5. patch: fix use-after-free memory patches/ CVE-2016- 074x-6. patch: limited CNAME recursion.
- debian/
on DNS format error.
- debian/
- debian/
several requests.
- debian/
ngx_
- debian/
accesses with CNAME.
- debian/
- CVE-2016-0742
- CVE-2016-0743
- CVE-2016-0744
-- Marc Deslauriers <email address hidden> Wed, 03 Feb 2016 08:38:22 -0500