20 matches found
About the security content of Xcode 13
About the security content of Xcode 13 This document describes the security content of Xcode 13. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...
Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities
Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm main process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to...
nginx < 1.8.1 / 1.9.x < 1.9.10 Multiple Vulnerabilities
According to the self-reported version in its response header, the version of nginx hosted on the remote web server is less than 1.8.1 or 1.9.x prior to 1.9.10. It is, therefore, affected by multiple vulnerabilities as noted in the vendor advisory. %NASLMINLEVEL 70300 C Tenable Network Security,...
Moderate: Red Hat Security Advisory: rh-nginx18-nginx security update
An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SUSE-SU-2016:1232-1 Security update for nginx-1.0
This update for nginx-1.0 fixes the following issues: Security fixes: - CVE-2016-0742: Invalid pointer dereference during DNS server response processing - CVE-2016-0747: Resource exhaustion through unlimited CNAME resolution - CVE-2016-0746: Use-after-free condition during CNAME response processi...
Amazon Linux AMI : nginx (ALAS-2016-655)
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its...
Fedora 23 : nginx-1.8.1-1.fc23 (2016-fd3428577d)
update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver Note that Tenable Network Security has extracted the...
Fedora 22 : nginx-1.8.1-1.fc22 (2016-bf03932bb3)
update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver Note that Tenable Network Security has extracted the...
Mageia: Security Advisory (MGASA-2016-0065)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated nginx packages fix security vulnerabilities
Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...
CVE-2016-0746
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...
CVE-2016-0746
CVE-2016-0746 is a use-after-free in nginx’s resolver when processing DNS CNAME responses. The issue affects nginx versions before 1.8.1 and 1.9.x before 1.9.10; exploitation could crash worker processes or yield other unspecified impacts. Remediation per connected docs: upgrade to non‑vulnerable...
CVE-2016-0746
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...
Use-after-free during CNAME response processing in resolver
Use-after-free during CNAME response processing in resolver Severity: medium CVE-2016-0746 Not vulnerable: 1.9.10+, 1.8.1+ Vulnerable: 0.6.18-1.9.9...
[SECURITY] [DSA 3473-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3473-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...
Ubuntu: Security Advisory (USN-2892-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : nginx (openSUSE-2016-161)
This update to nginx 1.8.1 fixes the following issues : - CVE-2016-0742: Invalid pointer dereference during DNS server response processing boo963781 - CVE-2016-0746: Use-after-free condition during CNAME response processing boo963778 - CVE-2016-0747: Resource exhaustion through unlimited CNAME...
Security fix for the ALT Linux 9 package nginx version 1.8.1-alt1
Feb. 1, 2016 Denis Smirnov 1.8.1-alt1 - 1.8.1 - CVE-2016-0742 - CVE-2016-0746 - CVE-2016-0747...
CVE-2016-0746
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...