=========================================================================Ubuntu Security Notice USN-3114-2
October 27, 2016

nginx regression
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

USN-3114-1 introduced a regression in nginx packaging.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented
nginx from being reinstalled or upgraded to a subsequent release. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Dawid Golunski discovered that the nginx package incorrectly handled log
 file permissions. A remote attacker could possibly use this issue to obtain
 root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  nginx-common                    1.10.1-0ubuntu1.2
  nginx-core                      1.10.1-0ubuntu1.2
  nginx-extras                    1.10.1-0ubuntu1.2
  nginx-full                      1.10.1-0ubuntu1.2
  nginx-light                     1.10.1-0ubuntu1.2

Ubuntu 16.04 LTS:
  nginx-common                    1.10.0-0ubuntu0.16.04.4
  nginx-core                      1.10.0-0ubuntu0.16.04.4
  nginx-extras                    1.10.0-0ubuntu0.16.04.4
  nginx-full                      1.10.0-0ubuntu0.16.04.4
  nginx-light                     1.10.0-0ubuntu0.16.04.4

Ubuntu 14.04 LTS:
  nginx-common                    1.4.6-1ubuntu3.7
  nginx-core                      1.4.6-1ubuntu3.7
  nginx-extras                    1.4.6-1ubuntu3.7
  nginx-full                      1.4.6-1ubuntu3.7
  nginx-light                     1.4.6-1ubuntu3.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3114-2
  https://ubuntu.com/security/notices/USN-3114-1
  https://launchpad.net/bugs/1637058

Package Information:
  https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.4
  https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.7

Ubuntu 3114-2: nginx regression

October 27, 2016
USN-3114-1 introduced a regression in nginx packaging.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.2 nginx-core 1.10.1-0ubuntu1.2 nginx-extras 1.10.1-0ubuntu1.2 nginx-full 1.10.1-0ubuntu1.2 nginx-light 1.10.1-0ubuntu1.2 Ubuntu 16.04 LTS: nginx-common 1.10.0-0ubuntu0.16.04.4 nginx-core 1.10.0-0ubuntu0.16.04.4 nginx-extras 1.10.0-0ubuntu0.16.04.4 nginx-full 1.10.0-0ubuntu0.16.04.4 nginx-light 1.10.0-0ubuntu0.16.04.4 Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.7 nginx-core 1.4.6-1ubuntu3.7 nginx-extras 1.4.6-1ubuntu3.7 nginx-full 1.4.6-1ubuntu3.7 nginx-light 1.4.6-1ubuntu3.7 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3114-2

https://ubuntu.com/security/notices/USN-3114-1

https://launchpad.net/bugs/1637058

Severity
October 27, 2016

Package Information

https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.2 https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.4 https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.7

Related News

5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved