Bug 982484

Summary: VUL-0: CVE-2016-4450: [nginx] A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file
Product: [openSUSE] openSUSE Distribution Reporter: Mikhail Kasimov <mikhail.kasimov>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Leap 42.1   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard: CVSSv2:SUSE:CVE-2016-4450:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2016-4450:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2016-4450:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Mikhail Kasimov 2016-06-01 08:17:34 UTC 
Info from http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html :
=========================
Hello!

A problem was identified in nginx code responsible for saving
client request body to a temporary file.  A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).

The problem affects nginx 1.3.9 - 1.11.0.

The problem is fixed in nginx 1.11.1, 1.10.1.

Patch for nginx 1.9.13 - 1.11.0 can be found here:

http://nginx.org/download/patch.2016.write.txt

Patch for older nginx versions (1.3.9 - 1.9.12):

http://nginx.org/download/patch.2016.write2.txt

-- 
Maxim Dounin
http://nginx.org/
=========================
Comment 1 Marcus Meissner 2016-06-01 09:51:44 UTC 
thanks, dup of 982505

*** This bug has been marked as a duplicate of bug 982505 ***