Package "nginx"

Name:	nginx
Description:	small, powerful, scalable web/proxy server
Latest version:	1.10.3-0ubuntu0.16.04.5
Release:	xenial (16.04)
Level:	security
Repository:	main
Homepage:	http://nginx.net

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "nginx"

All arch deb package

APT INSTALL

Other versions of "nginx" in Xenial

Repository	Area	Version
base	universe	1.9.15-0ubuntu1
base	main	1.9.15-0ubuntu1
security	universe	1.10.3-0ubuntu0.16.04.5
updates	main	1.10.3-0ubuntu0.16.04.5
updates	universe	1.10.3-0ubuntu0.16.04.5
PPA: Nginx		1.16.1-0+xenial1

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 1.10.0-0ubuntu0.16.04.3 2016-10-25 20:06:37 UTC

Version: 1.10.0-0ubuntu0.16.04.3	2016-10-25 20:06:37 UTC
nginx (1.10.0-0ubuntu0.16.04.3) xenial-security; urgency=medium [ Christos Trochalakis ] * debian/nginx-common.postinst: + Secure log file handling (owner & permissions) against privilege escalation attacks. /var/log/nginx is now owned by root:adm. Thanks Dawid Golunski (http://legalhackers.com) for the report. Changing /var/log/nginx permissions effectively reopens #701112, since log files can be world-readable. This is a trade-off until a better log opening solution is implemented upstream (trac:376). * debian/control: Don't allow building against liblua5.1-0-dev on architectures that libluajit is available. -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:02:16 +0200
Source diff to previous version

nginx (1.10.0-0ubuntu0.16.04.3) xenial-security; urgency=medium [ Christos Trochalakis ] * debian/nginx-common.postinst: + Secure log file handling (owner & permissions) against privilege escalation attacks. /var/log/nginx is now owned by root:adm. Thanks Dawid Golunski (http://legalhackers.com) for the report. Changing /var/log/nginx permissions effectively reopens #701112, since log files can be world-readable. This is a trade-off until a better log opening solution is implemented upstream (trac:376). * debian/control: Don't allow building against liblua5.1-0-dev on architectures that libluajit is available. -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:02:16 +0200

Source diff to previous version

Version: 1.10.0-0ubuntu0.16.04.2 2016-06-02 18:06:49 UTC

nginx (1.10.0-0ubuntu0.16.04.2) xenial-security; urgency=medium * SECURITY UPDATE: Null pointer dereference while writing client request body (LP: #1587577) - debian/patches/cve-2016-4450.patch: Upstream patch to address issue. - CVE-2016-4450 -- Thomas Ward <email address hidden> Tue, 31 May 2016 19:47:42 -0400

1587577

[CVE-2016-4450] NULL pointer dereference while writing client request body

About - Send Feedback to @ubuntu_updates

Package "nginx"

Links

Download "nginx"

Other versions of "nginx" in Xenial

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates