Bugzilla – Bug 963778
VUL-1: CVE-2016-0746: nginx-1.0: Use-after-free condition during CNAME response processing
Last modified: 2019-02-06 15:46:12 UTC
CVE-2016-0746 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806 Use-after-free condition might occur during CNAME response processing. This problem allows an attacker who is able to trigger name resolution to cause worker process crash, or might have potential other impact (CVE-2016-0746). The problems affect nginx 0.6.18 - 1.9.9 if the "resolver" directive is used in a configuration file. The problems are fixed in nginx 1.9.10, 1.8.1. http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0746 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0746.html
bugbot adjusting priority
openSUSE update running
openSUSE-SU-2016:0371-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 963775,963778,963781 CVE References: CVE-2016-0742,CVE-2016-0746,CVE-2016-0747 Sources used: openSUSE Leap 42.1 (src): nginx-1.8.1-5.1
As Markus docu says: https://w3.suse.de/~meissner/SUSE-LunchAndLearn-SLE-Maintenance.pdf I have sent a reqeust to SUSE:Maintenance: https://build.suse.de/request/show/93470 I have tested this fix with WebYaST.
released
SUSE-SU-2016:1232-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 963775,963778,963781 CVE References: CVE-2016-0742,CVE-2016-0746,CVE-2016-0747 Sources used: SUSE Webyast 1.3 (src): GeoIP-1.4.7-2.10.1, nginx-1.0-1.0.15-0.29.2 SUSE Studio Onsite 1.3 (src): GeoIP-1.4.7-2.10.1, nginx-1.0-1.0.15-0.29.2 SUSE Lifecycle Management Server 1.3 (src): GeoIP-1.4.7-2.10.1, nginx-1.0-1.0.15-0.29.2