K23073482: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747

Security Advisory Description CVE-2016-0742 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response. CVE-2016-0746 Use-after-free vulnerability in the resolv...

About the security content of Xcode 13

About the security content of Xcode 13 This document describes the security content of Xcode 13. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

nginx < 1.8.1 / 1.9.x < 1.9.10 Multiple Vulnerabilities

According to the self-reported version in its response header, the version of nginx hosted on the remote web server is less than 1.8.1 or 1.9.x prior to 1.9.10. It is, therefore, affected by multiple vulnerabilities as noted in the vendor advisory. %NASLMINLEVEL 70300 C Tenable Network Security,...

Moderate: Red Hat Security Advisory: rh-nginx18-nginx security update

An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE-SU-2016:1232-1 Security update for nginx-1.0

This update for nginx-1.0 fixes the following issues: Security fixes: - CVE-2016-0742: Invalid pointer dereference during DNS server response processing - CVE-2016-0747: Resource exhaustion through unlimited CNAME resolution - CVE-2016-0746: Use-after-free condition during CNAME response processi...

Nginx DNS Resolver Denial of Service (CVE-2016-0742)

A denial-of-service vulnerability exists in NGINX. The vulnerability is due to nginx dereferencing an invalid pointer while processing certain DNS packets. A remote, man-in-the-middle attacker could exploit this vulnerability by forging UDP packets as if from a trusted DNS server...

Fedora 23 : nginx-1.8.1-1.fc23 (2016-fd3428577d)

update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver Note that Tenable Network Security has extracted the...

Amazon Linux AMI : nginx (ALAS-2016-655)

It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its...

Fedora 22 : nginx-1.8.1-1.fc22 (2016-bf03932bb3)

update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver Note that Tenable Network Security has extracted the...

Mageia: Security Advisory (MGASA-2016-0065)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated nginx packages fix security vulnerabilities

Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...

CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response...

Invalid pointer dereference in resolver

Invalid pointer dereference in resolver Severity: medium CVE-2016-0742 Not vulnerable: 1.9.10+, 1.8.1+ Vulnerable: 0.6.18-1.9.9...

CVE-2016-0742

The CVE-2016-0742 issue affects nginx resolver prior to 1.8.1 and 1.9.x prior to 1.9.10. A crafted UDP DNS response can trigger an invalid pointer dereference, crashing a worker process and causing a denial of service. Affected component: resolver in nginx; root cause: dereference of invalid poin...

[SECURITY] [DSA 3473-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3473-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...

Ubuntu 14.04 LTS : nginx vulnerabilities (USN-2892-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2892-1 advisory. It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this iss...

Ubuntu: Security Advisory (USN-2892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : nginx (openSUSE-2016-161)

This update to nginx 1.8.1 fixes the following issues : - CVE-2016-0742: Invalid pointer dereference during DNS server response processing boo963781 - CVE-2016-0746: Use-after-free condition during CNAME response processing boo963778 - CVE-2016-0747: Resource exhaustion through unlimited CNAME...

Security fix for the ALT Linux 9 package nginx version 1.8.1-alt1

Feb. 1, 2016 Denis Smirnov 1.8.1-alt1 - 1.8.1 - CVE-2016-0742 - CVE-2016-0746 - CVE-2016-0747...