[3.3] nginx: Mutiples vulnerabilities (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)
CVE-2016-0742: Invalid pointer dereference in resolver
CVE-2016-0746: Use-after-free during CNAME response processing in resolver
CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
Vulnerable: 0.6.18-1.9.9
The problems are fixed in nginx 1.9.10, 1.8.1.
References:
http://nginx.org/en/security\_advisories.html
(from redmine: issue id 5052, created on 2016-01-27, closed on 2016-02-08)
- Relations:
- parent #5051 (closed)
- Changesets:
- Revision 372b38ff by Natanael Copa on 2016-02-08T19:32:43Z:
main/nginx: security upgrade to 1.8.1
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
fixes #5052