Discover Government News

=========================================================================Ubuntu Security Notice USN-2991-1
June 02, 2016

nginx vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

nginx could be made to crash if it received specially crafted network
traffic.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx incorrectly handled saving client request
bodies to temporary files. A remote attacker could possibly use this issue
to cause nginx to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  nginx-core                      1.10.0-0ubuntu0.16.04.2
  nginx-extras                    1.10.0-0ubuntu0.16.04.2
  nginx-full                      1.10.0-0ubuntu0.16.04.2
  nginx-light                     1.10.0-0ubuntu0.16.04.2

Ubuntu 15.10:
  nginx-core                      1.9.3-1ubuntu1.2
  nginx-extras                    1.9.3-1ubuntu1.2
  nginx-full                      1.9.3-1ubuntu1.2
  nginx-light                     1.9.3-1ubuntu1.2

Ubuntu 14.04 LTS:
  nginx-core                      1.4.6-1ubuntu3.5
  nginx-extras                    1.4.6-1ubuntu3.5
  nginx-full                      1.4.6-1ubuntu3.5
  nginx-light                     1.4.6-1ubuntu3.5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2991-1
  CVE-2016-4450

Package Information:
  https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.5


Ubuntu 2991-1: nginx vulnerability

June 2, 2016
nginx could be made to crash if it received specially crafted network traffic.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: nginx-core 1.10.0-0ubuntu0.16.04.2 nginx-extras 1.10.0-0ubuntu0.16.04.2 nginx-full 1.10.0-0ubuntu0.16.04.2 nginx-light 1.10.0-0ubuntu0.16.04.2 Ubuntu 15.10: nginx-core 1.9.3-1ubuntu1.2 nginx-extras 1.9.3-1ubuntu1.2 nginx-full 1.9.3-1ubuntu1.2 nginx-light 1.9.3-1ubuntu1.2 Ubuntu 14.04 LTS: nginx-core 1.4.6-1ubuntu3.5 nginx-extras 1.4.6-1ubuntu3.5 nginx-full 1.4.6-1ubuntu3.5 nginx-light 1.4.6-1ubuntu3.5 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2991-1

CVE-2016-4450

Severity
June 02, 2016

Package Information

https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.2 https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.5

Related News