UbuntuUpdates.org

Package "nginx-core-dbg"

Name: nginx-core-dbg

Description:

nginx web/proxy server (core version) - debugging symbols
Latest version: 1.10.3-0ubuntu0.16.04.5
Release: xenial (16.04)
Level: security
Repository: main
Head package: nginx
Homepage: http://nginx.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "nginx-core-dbg"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "nginx-core-dbg" in Xenial

Repository Area Version
base main 1.9.15-0ubuntu1
updates main 1.10.3-0ubuntu0.16.04.5

Changelog

Version: 1.10.0-0ubuntu0.16.04.3 2016-10-25 20:06:37 UTC

  nginx (1.10.0-0ubuntu0.16.04.3) xenial-security; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).
  * debian/control:
    Don't allow building against liblua5.1-0-dev on architectures
    that libluajit is available.

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:02:16 +0200
Source diff to previous version

Version: 1.10.0-0ubuntu0.16.04.2 2016-06-02 18:06:49 UTC

  nginx (1.10.0-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <email address hidden> Tue, 31 May 2016 19:47:42 -0400
1587577 [CVE-2016-4450] NULL pointer dereference while writing client request body


About   -   Send Feedback to @ubuntu_updates