nginx: denial of service

2016-01-27T00:00:00
ID ASA-201601-31
Type archlinux
Reporter Arch Linux
Modified 2016-01-27T00:00:00

Description

  • CVE-2016-0742 (denial of service)

Invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process.

  • CVE-2016-0746 (denial of service)

Use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact.

  • CVE-2016-0747 (denial of service)

CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes.