1
PublicDateAtUSN: 2016-01-26
2
Candidate: CVE-2016-0746
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746
6
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
7
https://usn.ubuntu.com/usn/usn-2892-1
9
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0
10
and 1.9.x before 1.9.10 allows remote attackers to cause a denial of
11
service (worker process crash) or possibly have unspecified other impact
12
via a crafted DNS response related to CNAME response processing.
16
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806
17
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1538165
23
upstream: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f
24
upstream: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806
25
upstream: https://github.com/nginx/nginx/commit/b1a110e3a457d98f0eaffb0cb0e646df9178024f
26
upstream_nginx: released (1.9.10-1, 1.9.10, 1.8.1.)
27
precise_nginx: ignored (reached end-of-life)
28
precise/esm_nginx: DNE (precise was needed)
29
trusty_nginx: released (1.4.6-1ubuntu3.4)
30
vivid_nginx: ignored (reached end-of-life)
31
vivid/stable-phone-overlay_nginx: DNE
32
vivid/ubuntu-core_nginx: DNE
33
wily_nginx: released (1.9.3-1ubuntu1.1)
34
xenial_nginx: released (1.9.10-0ubuntu1)
35
yakkety_nginx: released (1.9.10-0ubuntu1)
36
zesty_nginx: released (1.9.10-0ubuntu1)
37
devel_nginx: released (1.9.10-0ubuntu1)