[arch-security] [ASA-201601-31] nginx: denial of service

Christian Rebischke Chris.Rebischke at archlinux.org
Wed Jan 27 20:39:15 UTC 2016


Arch Linux Security Advisory ASA-201601-31
==========================================

Severity: Medium
Date    : 2016-01-27
CVE-ID  : CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
Package : nginx
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package nginx before version 1.8.1-1 is vulnerable to denial of service.

Resolution
==========

Upgrade to 1.8.1-1

# pacman -Syu "nginx>=1.8.1-1"

The problems have been fixed upstream in version 1.8.1.

Workaround
==========

None.

Description
===========

- CVE-2016-0742 (denial of service)

Invalid pointer dereference might occur during DNS server response 
processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process.

- CVE-2016-0746 (denial of service)

Use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact.

- CVE-2016-0747 (denial of service)

CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes.

Impact
======

A remote attacker is able to cause a segmentation fault and crash the
server.

References
==========

http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160127/c7b27419/attachment.asc>


More information about the arch-security mailing list