This bug was fixed in the package nginx - 1.9.3-1ubuntu1.1 --------------- nginx (1.9.3-1ubuntu1.1) wily-security; urgency=medium
* SECURITY UPDATE: multiple resolver security issues (LP: #1538165) - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault on DNS format error. - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler. - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for several requests. - debian/patches/CVE-2016-074x-4.patch: change the ngx_resolver_create_*_query() arguments. - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory accesses with CNAME. - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion. - CVE-2016-0742 - CVE-2016-0743 - CVE-2016-0744 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 03 Feb 2016 08:38:22 -0500 ** Changed in: nginx (Ubuntu Wily) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-0743 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-0744 ** Changed in: nginx (Ubuntu Trusty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1538165 Title: Security Issues Impacting NGINX: 1.8.x, 1.9.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1538165/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs