[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

** Bug watch added: Debian Bug tracker #812806 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806 ** Also affects: nginx (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806 Importance: Unknown Status: Unknown -- You received this bug notification because

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

This bug was fixed in the package nginx - 1.4.6-1ubuntu3.4 --- nginx (1.4.6-1ubuntu3.4) trusty-security; urgency=medium * SECURITY UPDATE: multiple resolver security issues (LP: #1538165) - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault on DNS

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

This bug was fixed in the package nginx - 1.9.3-1ubuntu1.1 --- nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium * SECURITY UPDATE: multiple resolver security issues (LP: #1538165) - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault on DNS format

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

** Changed in: nginx (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1538165 Title: Security Issues Impacting NGINX: 1.8.x, 1.9.x To

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

As Vivid reaches End of Life tomorrow, and that provides insufficient time for a fix to be produced for that version of the package, we are marking this as "Won't Fix" on Vivid. ** Changed in: nginx (Ubuntu Vivid) Status: Confirmed => Won't Fix -- You received this bug notification

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

The following are upstream changeset links, in order of application: 1.9.x: http://hg.nginx.org/nginx/rev/81d44cd4044e http://hg.nginx.org/nginx/rev/7316c57e4fe7 http://hg.nginx.org/nginx/rev/978e79b95c9f http://hg.nginx.org/nginx/rev/a5767988c022 http://hg.nginx.org/nginx/rev/497d0cff8ace

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

The following are upstream changeset links, in order of application: 1.9.x: http://hg.nginx.org/nginx/rev/81d44cd4044e http://hg.nginx.org/nginx/rev/7316c57e4fe7 http://hg.nginx.org/nginx/rev/978e79b95c9f http://hg.nginx.org/nginx/rev/a5767988c022 http://hg.nginx.org/nginx/rev/497d0cff8ace

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

** Changed in: nginx (Ubuntu Wily) Assignee: Thomas Ward (teward) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1538165 Title: Security Issues Impacting NGINX:

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

** Description changed: - This is listed as a Private Security bug as it contains some security - content, but does not contain specifics due to Upstream not releasing - them, and also at Upstream's request to keep notifications about issues - not yet known to the public quiet. + This is listed

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

** Description changed: This is listed as a Public Security bug as the CVEs and fixes have been announced by NGINX Upstream officially. There are 3 CVEs impacting all versions of NGINX in Ubuntu. The following is taken from the upstream security announcement on the nginx- - announce

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

Debian actually was faster, and uploaded 1.9.10 today. As soon as that is available, I will merge it into Xenial. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1538165 Title:

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

** Tags added: trusty ** Tags added: precise ** Changed in: nginx (Ubuntu Precise) Importance: Undecided => High ** Changed in: nginx (Ubuntu Trusty) Importance: Undecided => High ** Changed in: nginx (Ubuntu Vivid) Importance: Undecided => High ** Changed in: nginx (Ubuntu Wily)

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

Importance reset to Medium per Ubuntu Security Team stating the CVEs would be Medium level. (Bug importance set to match) ** Changed in: nginx (Ubuntu Precise) Importance: High => Medium ** Changed in: nginx (Ubuntu Trusty) Importance: High => Medium ** Changed in: nginx (Ubuntu Vivid)

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

An upload of NGINX 1.9.10 has been done for Xenial, and is now building; marking Fix Committed for Xenial. ** Changed in: nginx (Ubuntu Xenial) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

This bug was fixed in the package nginx - 1.9.10-0ubuntu1 --- nginx (1.9.10-0ubuntu1) xenial; urgency=medium * New upstream release. * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch * Security content of this upload addresses the following vulnerabilities

[Bug 1538165] Re: Security Issues Impacting NGINX: 1.8.x, 1.9.x

** Changed in: nginx (Ubuntu Vivid) Assignee: Thomas Ward (teward) => (unassigned) ** Changed in: nginx (Ubuntu Trusty) Assignee: Thomas Ward (teward) => (unassigned) ** Changed in: nginx (Ubuntu Precise) Assignee: Thomas Ward (teward) => (unassigned) -- You received this bug