[Buildroot] [PATCH] nginx: security bump to version 1.8.1
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Wed Jan 27 20:37:18 UTC 2016
Dear Gustavo Zacarias,
On Wed, 27 Jan 2016 09:03:30 -0300, Gustavo Zacarias wrote:
> Fixes:
>
> CVE-2016-0742 - invalid pointer dereference might occur during DNS
> server response processing if the "resolver" directive was used,
> allowing anattacker who is able to forge UDP packets from the DNS server
> to cause segmentation fault in a worker process.
>
> CVE-2016-0746 - use-after-free condition might occur during CNAME
> response processing if the "resolver" directive was used, allowing an
> attacker who is able to trigger name resolution to cause segmentation
> fault in a worker process, or might have potential other impact.
>
> CVE-2016-0747 - CNAME resolution was insufficiently limited if the
> "resolver" directive was used, allowing an attacker who is able to
> trigger arbitrary name resolution to cause excessive resource
> consumption in worker processes.
>
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> ---
> package/nginx/nginx.hash | 2 +-
> package/nginx/nginx.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list