About the security content of Xcode 13

About the security content of Xcode 13 This document describes the security content of Xcode 13. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

nginx < 1.8.1 / 1.9.x < 1.9.10 Multiple Vulnerabilities

According to the self-reported version in its response header, the version of nginx hosted on the remote web server is less than 1.8.1 or 1.9.x prior to 1.9.10. It is, therefore, affected by multiple vulnerabilities as noted in the vendor advisory. %NASLMINLEVEL 70300 C Tenable Network Security,...

Moderate: Red Hat Security Advisory: rh-nginx18-nginx security update

An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE-SU-2016:1232-1 Security update for nginx-1.0

This update for nginx-1.0 fixes the following issues: Security fixes: - CVE-2016-0742: Invalid pointer dereference during DNS server response processing - CVE-2016-0747: Resource exhaustion through unlimited CNAME resolution - CVE-2016-0746: Use-after-free condition during CNAME response processi...

Fedora 23 : nginx-1.8.1-1.fc23 (2016-fd3428577d)

update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver Note that Tenable Network Security has extracted the...

Fedora 22 : nginx-1.8.1-1.fc22 (2016-bf03932bb3)

update to upstream release 1.8.1 - CVE-2016-0747: Insufficient limits of CNAME resolution in resolver - CVE-2016-0746: Use-after-free during CNAME response processing in resolver - CVE-2016-0742: Invalid pointer dereference in resolver Note that Tenable Network Security has extracted the...

Amazon Linux AMI : nginx (ALAS-2016-655)

It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its...

Mageia: Security Advisory (MGASA-2016-0065)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated nginx packages fix security vulnerabilities

Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...

CVE-2016-0747

The CVE-2016-0747 entry affects nginx rescanner behavior: the resolver in nginx (versions prior to 1.8.1 and 1.9.x prior to 1.9.10) does not properly limit CNAME resolution, allowing remote attackers to cause denial of service via excessive name-resolution work. Public details across multiple sou...

Insufficient limits of CNAME resolution in resolver

Insufficient limits of CNAME resolution in resolver Severity: medium CVE-2016-0747 Not vulnerable: 1.9.10+, 1.8.1+ Vulnerable: 0.6.18-1.9.9...

[SECURITY] [DSA 3473-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3473-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...

Ubuntu: Security Advisory (USN-2892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : nginx (openSUSE-2016-161)

This update to nginx 1.8.1 fixes the following issues : - CVE-2016-0742: Invalid pointer dereference during DNS server response processing boo963781 - CVE-2016-0746: Use-after-free condition during CNAME response processing boo963778 - CVE-2016-0747: Resource exhaustion through unlimited CNAME...

Security fix for the ALT Linux 9 package nginx version 1.8.1-alt1

Feb. 1, 2016 Denis Smirnov 1.8.1-alt1 - 1.8.1 - CVE-2016-0742 - CVE-2016-0746 - CVE-2016-0747...

CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service worker process resource consumption via vectors related to arbitrary name resolution...