ArchLinux: 201606-2: nginx-mainline: denial of service
Summary
A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while handling the client request body.
Resolution
Upgrade to 1.11.1-1.
# pacman -Syu "nginx-mainline>=1.11.1-1"
The problem has been fixed upstream in version 1.11.1.
References
https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html https://access.redhat.com/security/cve/CVE-2016-4450
Workaround
None.