nginx is a robust, small, and high performance HTTP and reverse proxy server.
It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian (DSA-3701) and is therefore vulnerable to the same attack described in CVE-2016-1247.
A local attacker, who either is already NGINX’s system user or belongs to NGINX’s group, could potentially escalate privileges.
Ensure that no untrusted user can create files in directories which are used by NGINX (or an NGINX vhost) to store log files.
All NGINX users should upgrade to the latest ebuild revision:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.2-r3"