Description
Security update for nginx
This update to nginx 1.8.1 fixes the following issues:
- CVE-2016-0742: Invalid pointer dereference during DNS server response processing (boo#963781)
- CVE-2016-0746: Use-after-free condition during CNAME response processing (boo#963778)
- CVE-2016-0747: Resource exhaustion through unlimited CNAME resolution (boo#963775)
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:0371-1
- SUSE Security Ratings
Description
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
Affected products
References
- CVE-2016-0742
- SUSE Bug 963781
Description
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
Affected products
References
- CVE-2016-0746
- SUSE Bug 963778
Description
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
Affected products
References
- CVE-2016-0747
- SUSE Bug 963775