UbuntuUpdates.org

Package "nginx-core"

Name: nginx-core

Description:

nginx web/proxy server (core version)

Latest version: 1.4.6-1ubuntu3.9
Release: trusty (14.04)
Level: security
Repository: main
Head package: nginx
Homepage: http://nginx.net

Links


Download "nginx-core"


Other versions of "nginx-core" in Trusty

Repository Area Version
base main 1.4.6-1ubuntu3
updates main 1.4.6-1ubuntu3.9

Changelog

Version: 1.4.6-1ubuntu3.9 2018-11-07 16:06:17 UTC

  nginx (1.4.6-1ubuntu3.9) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop in ngx_http_mp4_module
    - debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
      src/http/modules/ngx_http_mp4_module.c.
    - CVE-2018-16845

 -- Marc Deslauriers <email address hidden> Tue, 06 Nov 2018 13:56:34 -0500

Source diff to previous version
CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module

Version: 1.4.6-1ubuntu3.8 2017-07-13 19:07:08 UTC

  nginx (1.4.6-1ubuntu3.8) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden> Wed, 12 Jul 2017 02:59:32 -0700

Source diff to previous version

Version: 1.4.6-1ubuntu3.7 2016-10-27 18:06:31 UTC

  nginx (1.4.6-1ubuntu3.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:53 -0400

Source diff to previous version
1637058 nginx-common postinst execution fails when upgrading to or reinstalling 1.10.1-0ubuntu3

Version: 1.4.6-1ubuntu3.6 2016-10-25 20:06:32 UTC

  nginx (1.4.6-1ubuntu3.6) trusty-security; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:12:58 +0200

Source diff to previous version

Version: 1.4.6-1ubuntu3.5 2016-06-02 18:06:47 UTC

  nginx (1.4.6-1ubuntu3.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <email address hidden> Tue, 31 May 2016 20:23:03 -0400

1587577 [CVE-2016-4450] NULL pointer dereference while writing client request body



About   -   Send Feedback to @ubuntu_updates