nginx: Mutiples vulnerabilities (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)
CVE-2016-0742: Invalid pointer dereference in resolver
CVE-2016-0746: Use-after-free during CNAME response processing in resolver
CVE-2016-0747: Insufficient limits of CNAME resolution in resolver
Vulnerable: 0.6.18-1.9.9
The problems are fixed in nginx 1.9.10, 1.8.1.
References:
http://nginx.org/en/security\_advisories.html
(from redmine: issue id 5051, created on 2016-01-27, closed on 2016-02-08)
- Relations:
- child #5052 (closed)
- child #5053 (closed)