This bug was fixed in the package nginx - 1.9.3-1ubuntu1.1
---------------
nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium
* SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
- debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
on DNS format error.
- debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
- debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
several requests.
- debian/patches/CVE-2016-074x-4.patch: change the
ngx_resolver_create_*_query() arguments.
- debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
accesses with CNAME.
- debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
- CVE-2016-0742
- CVE-2016-0743
- CVE-2016-0744
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 03 Feb 2016
08:38:22 -0500
** Changed in: nginx (Ubuntu Wily)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0743
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0744
** Changed in: nginx (Ubuntu Trusty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1538165
Title:
Security Issues Impacting NGINX: 1.8.x, 1.9.x
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1538165/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
