Welcome! Log In Create A New Profile

Advanced

[nginx-announce] nginx-1.9.10

Posted by Maxim Dounin 
Maxim Dounin
[nginx-announce] nginx-1.9.10
January 26, 2016 11:56AM
Changes with nginx 1.9.10 26 Jan 2016

*) Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).

*) Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).

*) Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).

*) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.

*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work with IPv6 listen sockets.

*) Bugfix: connections to upstream servers might be cached incorrectly
when using the "keepalive" directive.

*) Bugfix: proxying used the HTTP method of the original request after
an "X-Accel-Redirect" redirection.


--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce
Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 128
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready