* [Buildroot] [PATCH] nginx: security bump to version 1.8.1
@ 2016-01-27 12:03 Gustavo Zacarias
  2016-01-27 20:37 ` Thomas Petazzoni
  0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2016-01-27 12:03 UTC
  To: buildroot

Fixes:

CVE-2016-0742 - invalid pointer dereference might occur during DNS
server response processing if the "resolver" directive was used,
allowing an attacker who is able to forge UDP packets from the DNS server
to cause segmentation fault in a worker process.

CVE-2016-0746 - use-after-free condition might occur during CNAME
response processing if the "resolver" directive was used, allowing an
attacker who is able to trigger name resolution to cause segmentation
fault in a worker process, or might have potential other impact.

CVE-2016-0747 - CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/nginx/nginx.hash | 2 +-
 package/nginx/nginx.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/nginx/nginx.hash b/package/nginx/nginx.hash
index 7e0dc5e..fe4d6b2 100644
--- a/package/nginx/nginx.hash
+++ b/package/nginx/nginx.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5	nginx-1.8.0.tar.gz
+sha256	8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7	nginx-1.8.1.tar.gz
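Review bot: The comment kept at the top of nginx.hash says the hash was "Locally calculated after checking pgp signature", but nothing in this hunk records which signature file or signing key was checked for nginx-1.8.1.tar.gz, so a later reviewer cannot repeat the verification from the tree alone. Consider extending that comment with the location of the detached signature and the key used, so the new sha256 line can be re-derived independently.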
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index 58418df..d9bc668 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NGINX_VERSION = 1.8.0
+NGINX_VERSION = 1.8.1
 NGINX_SITE = http://nginx.org/download
 NGINX_LICENSE = BSD-2c
 NGINX_LICENSE_FILES = LICENSE
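Review bot: The unchanged context line "NGINX_SITE = http://nginx.org/download" means the 1.8.1 tarball is still fetched over cleartext HTTP, which leaves the sha256 entry in nginx.hash as the only integrity check on the download. Since this is a security bump, it is worth checking whether an https URL can be used for NGINX_SITE in the same change or a follow-up. The commit message lists three CVEs, all conditional on the "resolver" directive; that detail lives only in the commit log, which is fine, but a short comment is not needed in the .mk file.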
-- 
2.4.10


* [Buildroot] [PATCH] nginx: security bump to version 1.8.1
  2016-01-27 12:03 [Buildroot] [PATCH] nginx: security bump to version 1.8.1 Gustavo Zacarias
@ 2016-01-27 20:37 ` Thomas Petazzoni
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2016-01-27 20:37 UTC
  To: buildroot

Dear Gustavo Zacarias,

On Wed, 27 Jan 2016 09:03:30 -0300, Gustavo Zacarias wrote:
> Fixes:
> 
> CVE-2016-0742 - invalid pointer dereference might occur during DNS
> server response processing if the "resolver" directive was used,
> allowing an attacker who is able to forge UDP packets from the DNS server
> to cause segmentation fault in a worker process.
> 
> CVE-2016-0746 - use-after-free condition might occur during CNAME
> response processing if the "resolver" directive was used, allowing an
> attacker who is able to trigger name resolution to cause segmentation
> fault in a worker process, or might have potential other impact.
> 
> CVE-2016-0747 - CNAME resolution was insufficiently limited if the
> "resolver" directive was used, allowing an attacker who is able to
> trigger arbitrary name resolution to cause excessive resource
> consumption in worker processes.
> 
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
>  package/nginx/nginx.hash | 2 +-
>  package/nginx/nginx.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
