Ubuntu 16.10: USN-3114-2 Moderate: Nginx Packaging Regression
Oct 27, 2016
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
USN-3114-1 introduced a regression in nginx packaging.
=========================================================================Ubuntu Security Notice USN-3114-2 October 27, 2016 nginx regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: USN-3114-1 introduced a regression in nginx packaging. Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.2 nginx-core 1.10.1-0ubuntu1.2 nginx-extras 1.10.1-0ubuntu1.2 nginx-full 1.10.1-0ubuntu1.2 nginx-light 1.10.1-0ubuntu1.2 Ubuntu 16.04 LTS: nginx-common 1.10.0-0ubuntu0.16.04.4 nginx-core 1.10.0-0ubuntu0.16.04.4 nginx-extras 1.10.0-0ubuntu0.16.04.4 nginx-full 1.10.0-0ubuntu0.16.04.4 nginx-light 1.10.0-0ubuntu0.16.04.4 Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.7 nginx-core 1.4.6-1ubuntu3.7 nginx-extras 1.4.6-1ubuntu3.7 nginx-full 1.4.6-1ubuntu3.7 nginx-light 1.4.6-1ubuntu3.7 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3114-2 https://ubuntu.com/security/notices/USN-3114-1 https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1637058 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.2 https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.4 https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.7
PREVIOUS
NEXT
Ubuntu 16.10: USN-3114-2 Moderate: Nginx Packaging Regression
ubuntu
October 27, 2016
USN-3114-1 introduced a regression in nginx packaging.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.2 nginx-core 1.10.1-0ubuntu1.2 nginx-extras 1.10.1-0ubuntu1.2 nginx-full 1.10.1-0ubuntu1.2 nginx-light 1.10.1-0ubuntu1.2 Ubuntu 16.04 LTS: nginx-common 1.10.0-0ubuntu0.16.04.4 nginx-core 1.10.0-0ubuntu0.16.04.4 nginx-extras 1.10.0-0ubuntu0.16.04.4 nginx-full 1.10.0-0ubuntu0.16.04.4 nginx-light 1.10.0-0ubuntu0.16.04.4 Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.7 nginx-core 1.4.6-1ubuntu3.7 nginx-extras 1.4.6-1ubuntu3.7 nginx-full 1.4.6-1ubuntu3.7 nginx-light 1.4.6-1ubuntu3.7 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-3114-2
https://ubuntu.com/security/notices/USN-3114-1
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1637058
October 27, 2016
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.2 https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.4 https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.7
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!