nginx (1.9.10-0ubuntu1) xenial; urgency=medium * New upstream release. * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch * Security content of this upload addresses the following vulnerabilities and CVE-numbered Security issues: (LP: #1538165) - Invalid pointer dereference might occur during DNS server response processing, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash (CVE-2016-0742). - Use-after-free condition might occur during CNAME response processing. This problem allows an attacker who is able to trigger name resolution to cause worker process crash, or might have potential other impact (CVE-2016-0746). - CNAME resolution was insufficiently limited, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747).
Date: Tue, 26 Jan 2016 14:53:01 -0500 Changed-By: Thomas Ward <tew...@ubuntu.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/+source/nginx/1.9.10-0ubuntu1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 26 Jan 2016 14:53:01 -0500 Source: nginx Binary: nginx nginx-doc nginx-common nginx-core nginx-core-dbg nginx-full nginx-full-dbg nginx-light nginx-light-dbg nginx-extras nginx-extras-dbg Architecture: source Version: 1.9.10-0ubuntu1 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Thomas Ward <tew...@ubuntu.com> Description: nginx - small, powerful, scalable web/proxy server nginx-common - small, powerful, scalable web/proxy server - common files nginx-core - nginx web/proxy server (core version) nginx-core-dbg - nginx web/proxy server (core version) - debugging symbols nginx-doc - small, powerful, scalable web/proxy server - documentation nginx-extras - nginx web/proxy server (extended version) nginx-extras-dbg - nginx web/proxy server (extended version) - debugging symbols nginx-full - nginx web/proxy server (standard version) nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols nginx-light - nginx web/proxy server (basic version) nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols Launchpad-Bugs-Fixed: 1538165 Changes: nginx (1.9.10-0ubuntu1) xenial; urgency=medium . * New upstream release. * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch * Security content of this upload addresses the following vulnerabilities and CVE-numbered Security issues: (LP: #1538165) - Invalid pointer dereference might occur during DNS server response processing, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash (CVE-2016-0742). - Use-after-free condition might occur during CNAME response processing. This problem allows an attacker who is able to trigger name resolution to cause worker process crash, or might have potential other impact (CVE-2016-0746). - CNAME resolution was insufficiently limited, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). Checksums-Sha1: 3410af9176a24b8b895794bc820a0b2a570caa46 2841 nginx_1.9.10-0ubuntu1.dsc b7ddb8bb55ad20c336c94526cd2c26b5699caeb5 889267 nginx_1.9.10.orig.tar.gz 19d61f25c51551cd8a6088e57875d5cf4679eedd 1002823 nginx_1.9.10-0ubuntu1.debian.tar.gz Checksums-Sha256: 6c2ffb92b77e4c4045a018fa72bb4835bc4eafc59dfb901c800013cb90600191 2841 nginx_1.9.10-0ubuntu1.dsc fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 889267 nginx_1.9.10.orig.tar.gz f82d1f3fe3cc83aab0717d964289ec53add78e561362d740b3db21066a62cd8b 1002823 nginx_1.9.10-0ubuntu1.debian.tar.gz Files: 0df5c1b17665182a70011bb8d3ddd33f 2841 httpd optional nginx_1.9.10-0ubuntu1.dsc 64cc970988356a5e0fc4fcd1ab84fe57 889267 httpd optional nginx_1.9.10.orig.tar.gz 0ca8f66d35a9e63823a7fa78301a702d 1002823 httpd optional nginx_1.9.10-0ubuntu1.debian.tar.gz Original-Maintainer: Kartik Mistry <kar...@debian.org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWp8+FAAoJEGbkJ7T1ae9VHtYP/j2eBtVIWxgwUVmuGMuFur3X 8PInEQexlv827xTtiHsFG6oh3STVAt9rPECPlfFNMGaep7JixHrv2TpmNN45OCJe 9eAvdKedvVu7e4B1SQU4H3lC+W1fMaJTuXLp867grKSrkQXLiCYVB3ghbneePXRT TNPFPPTuKqZwAE7+syhoyCrA1uIAxx43r7FN0mktgiulB0PSWpg1EAmkKca2Sv6k xwo6MOn9peGaW1dpKiE2c0Y/HpCdegJ/5y6tORueQKEeqNueQfoI+oaDpxccS0FP XRKZJsCkwi0IeDneilZMQ54aQGbWX6+xUFyGhUtWMNHvS5G4Ts1iqaDIYHiubIF2 82cHKCeiHmTDVw8T5kxeM9DUK1lTScRNE+2AX5iDbhLXjc4kWPm8NUBguib0T5Uo HgxdGEExQaCohbz4ot6cUKAFqvx63wEwweTSqe69flASVJKFUP+Q5RiTubKY+Oix 9QxH6wAcHE0X2RG9xEDUWxHtWftlTX3d55T00ZoQEOCL16i+nK0iIZSpr0rFZbgY qFHQo1VrIV3XPOWc6u2+bTsqsJf+GgMvXWSvEy1xwuGfIOOEIEOuHAhz10+uzNox YK8dyQeQt08i1LA0TaOA4YuI+LXfFpAIk8kcLxOnSmNA43Tq0zs8PPvuaLR2d118 0Q2gKf5cd8lkd8b4yvFd =oKbT -----END PGP SIGNATURE-----
-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes