UbuntuUpdates.org

Package "nginx"

Name: nginx

Description:

small, powerful, scalable web/proxy server
Latest version: 1.4.6-1ubuntu3.8
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://nginx.net

Links

Save this URL for the latest version of "nginx": https://www.ubuntuupdates.org/nginx

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "nginx"

All arch deb package
APT INSTALL

Other versions of "nginx" in Trusty

Repository Area Version
base main 1.4.6-1ubuntu3
base universe 1.4.6-1ubuntu3
security main 1.4.6-1ubuntu3.8
security universe 1.4.6-1ubuntu3.8
updates universe 1.4.6-1ubuntu3.8
PPA: Nginx 1.12.1-0+trusty0

Packages in group

Deleted packages are displayed in grey.

nginx-common nginx-core nginx-core-dbg nginx-doc

Changelog

Version: 1.4.6-1ubuntu3.8 2017-07-13 20:07:03 UTC

  nginx (1.4.6-1ubuntu3.8) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

 -- Steve Beattie <email address hidden> Wed, 12 Jul 2017 02:59:32 -0700
Source diff to previous version

Version: 1.4.6-1ubuntu3.7 2016-10-28 00:07:14 UTC

  nginx (1.4.6-1ubuntu3.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:53 -0400
Source diff to previous version
1637058 nginx-common postinst execution fails when upgrading to or reinstalling 1.10.1-0ubuntu3

Version: 1.4.6-1ubuntu3.6 2016-10-25 22:06:26 UTC

  nginx (1.4.6-1ubuntu3.6) trusty-security; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:12:58 +0200
Source diff to previous version

Version: 1.4.6-1ubuntu3.5 2016-06-02 20:06:45 UTC

  nginx (1.4.6-1ubuntu3.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <email address hidden> Tue, 31 May 2016 20:23:03 -0400
Source diff to previous version
1587577 [CVE-2016-4450] NULL pointer dereference while writing client request body

Version: 1.4.6-1ubuntu3.4 2016-02-09 20:06:45 UTC

  nginx (1.4.6-1ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
    - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
      on DNS format error.
    - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
    - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
      several requests.
    - debian/patches/CVE-2016-074x-4.patch: change the
      ngx_resolver_create_*_query() arguments.
    - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
      accesses with CNAME.
    - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
    - CVE-2016-0742
    - CVE-2016-0743
    - CVE-2016-0744

 -- Marc Deslauriers <email address hidden> Wed, 03 Feb 2016 09:12:00 -0500
1538165 Security Issues Impacting NGINX: 1.8.x, 1.9.x
CVE-2016-0742 Invalid pointer dereference might occur during DNS server response processing
CVE-2016-0743 RESERVED
CVE-2016-0744 RESERVED


About   -   Send Feedback to @ubuntu_updates