pool/nginx
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 356721 from home:AndreasStieger:branches:server:http

Browse Source 
add bugzilla references

OBS-URL: https://build.opensuse.org/request/show/356721
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=59
This commit is contained in:
Marguerite Su 2016-01-31 03:21:11 +00:00 committed by Git OBS Bridge
parent e611ce2c01
commit 053eebd6c5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nginx.changes
View File

@ -5,16 +5,16 @@ Thu Jan 28 01:36:01 UTC 2016 - i@marguerite.su
* Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).
cause segmentation fault in a worker process (CVE-2016-0742). boo#963781
 * Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).
(CVE-2016-0746). boo#963778
 * Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
consumption in worker processes (CVE-2016-0747). boo#963775
 * Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.