UbuntuUpdates.org

Package "nginx"

Name: nginx

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • nginx web/proxy server (extended version)
  • nginx web/proxy server (extended version) - debugging symbols
  • nginx web/proxy server (standard version)
  • nginx web/proxy server (standard version) - debugging symbols
Latest version: 1.4.6-1ubuntu3.9
Release: trusty (14.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "nginx" in Trusty

Repository Area Version
base main 1.4.6-1ubuntu3
base universe 1.4.6-1ubuntu3
security main 1.4.6-1ubuntu3.9
updates universe 1.4.6-1ubuntu3.9
updates main 1.4.6-1ubuntu3.9
PPA: Nginx 1.12.2-0+trusty0

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.4.6-1ubuntu3.4 2016-02-09 19:07:23 UTC

  nginx (1.4.6-1ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
    - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
      on DNS format error.
    - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
    - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
      several requests.
    - debian/patches/CVE-2016-074x-4.patch: change the
      ngx_resolver_create_*_query() arguments.
    - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
      accesses with CNAME.
    - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
    - CVE-2016-0742
    - CVE-2016-0743
    - CVE-2016-0744

 -- Marc Deslauriers <email address hidden> Wed, 03 Feb 2016 09:12:00 -0500
Source diff to previous version
1538165 Security Issues Impacting NGINX: 1.8.x, 1.9.x
CVE-2016-0742 Invalid pointer dereference might occur during DNS server response processing
CVE-2016-0743 RESERVED
CVE-2016-0744 RESERVED

Version: 1.4.6-1ubuntu3.1 2014-09-22 17:06:45 UTC

  nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
    - debian/patches/CVE-2014-3616.patch: include hash of certificate in
      session id context in src/event/ngx_event_openssl.c.
    - CVE-2014-3616
 -- Marc Deslauriers <email address hidden> Wed, 17 Sep 2014 08:56:46 -0400
1370478 [CVE-2014-3616] \
CVE-2014-3616 reuse cached SSL sessions in unrelated contexts


About   -   Send Feedback to @ubuntu_updates