Ubuntu 3352-1 Critical: Nginx Information Exposure Vulnerability
Jul 13, 2017
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
nginx could be made to expose sensitive information over the network.
=========================================================================Ubuntu Security Notice USN-3352-1 July 13, 2017 nginx vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: nginx could be made to expose sensitive information over the network. Software Description: - nginx: small, powerful, scalable web/proxy server Details: It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: nginx-common 1.10.3-1ubuntu3.1 nginx-core 1.10.3-1ubuntu3.1 nginx-extras 1.10.3-1ubuntu3.1 nginx-full 1.10.3-1ubuntu3.1 nginx-light 1.10.3-1ubuntu3.1 Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.3 nginx-core 1.10.1-0ubuntu1.3 nginx-extras 1.10.1-0ubuntu1.3 nginx-full 1.10.1-0ubuntu1.3 nginx-light 1.10.1-0ubuntu1.3 Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.2 nginx-core 1.10.3-0ubuntu0.16.04.2 nginx-extras 1.10.3-0ubuntu0.16.04.2 nginx-full 1.10.3-0ubuntu0.16.04.2 nginx-light 1.10.3-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.8 nginx-core 1.4.6-1ubuntu3.8 nginx-extras 1.4.6-1ubuntu3.8 nginx-full 1.4.6-1ubuntu3.8 nginx-light 1.4.6-1ubuntu3.8 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3352-1 CVE-2017-7529 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1 https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3 https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8
PREVIOUS
NEXT
Ubuntu 3352-1 Critical: Nginx Information Exposure Vulnerability
ubuntu
July 13, 2017
nginx could be made to expose sensitive information over the network.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: nginx-common 1.10.3-1ubuntu3.1 nginx-core 1.10.3-1ubuntu3.1 nginx-extras 1.10.3-1ubuntu3.1 nginx-full 1.10.3-1ubuntu3.1 nginx-light 1.10.3-1ubuntu3.1 Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.3 nginx-core 1.10.1-0ubuntu1.3 nginx-extras 1.10.1-0ubuntu1.3 nginx-full 1.10.1-0ubuntu1.3 nginx-light 1.10.1-0ubuntu1.3 Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.2 nginx-core 1.10.3-0ubuntu0.16.04.2 nginx-extras 1.10.3-0ubuntu0.16.04.2 nginx-full 1.10.3-0ubuntu0.16.04.2 nginx-light 1.10.3-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.8 nginx-core 1.4.6-1ubuntu3.8 nginx-extras 1.4.6-1ubuntu3.8 nginx-full 1.4.6-1ubuntu3.8 nginx-light 1.4.6-1ubuntu3.8 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-3352-1
CVE-2017-7529
Severity
critical
Lowest
Low
Medium
High
Critical
July 13, 2017
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1 https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3 https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!