Welcome! Log In Create A New Profile

Advanced

nginx-1.9.10

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
January 26, 2016 11:42AM
Changes with nginx 1.9.10 26 Jan 2016

*) Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).

*) Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).

*) Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).

*) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.

*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work with IPv6 listen sockets.

*) Bugfix: connections to upstream servers might be cached incorrectly
when using the "keepalive" directive.

*) Bugfix: proxying used the HTTP method of the original request after
an "X-Accel-Redirect" redirection.


--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

nginx-1.9.10

Maxim Dounin January 26, 2016 11:42AM

Re: nginx-1.9.10

George January 26, 2016 11:44PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 300
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready