SUSE-SU-2016:1232-1

UNKNOWN

Security update for nginx-1.0

Published May 4, 2016

Modified 9 years ago

Fix available

Details

This update for nginx-1.0 fixes the following issues:

Security fixes:

CVE-2016-0742: Invalid pointer dereference during DNS server response processing
CVE-2016-0747: Resource exhaustion through unlimited CNAME resolution
CVE-2016-0746: Use-after-free condition during CNAME response processing

Affected Packages

GeoIP

SUSE Lifecycle Management Server 1.3SUSE Studio Onsite 1.3SUSE WebYast 1.3

Fixed in:

1.4.7-2.10.1

libGeoIP1

SUSE Lifecycle Management Server 1.3SUSE Studio Onsite 1.3SUSE WebYast 1.3

Fixed in:

1.4.7-2.10.1

nginx-1.0

SUSE Lifecycle Management Server 1.3SUSE Studio Onsite 1.3SUSE WebYast 1.3

Fixed in:

1.0.15-0.29.2

References

Upstream

Ecosystems

Timeline

PublishedMay 4, 2016

ModifiedMay 4, 2016

SUSE-SU-2016:1232-1 | Mondoo Vulnerability Intelligence