Ubuntu Security Notice USN-3352-1

Ubuntu Security Notice USN-3352-1: Posted Jul 14, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3352-1 - It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.; tags | advisory, remote, overflow; systems | linux, ubuntu; advisories | CVE-2017-7529; SHA-256 | 600f498d7b4084bab728c07868e8b5a07ccd3733023e2b76c91ac8906d9da164; Download | Favorite | View

Ubuntu Security Notice USN-3352-1


==========================================================================
Ubuntu Security Notice USN-3352-1
July 13, 2017

nginx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

nginx could be made to expose sensitive information over the network.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that an integer overflow existed in the range
filter feature of nginx. A remote attacker could use this to expose
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  nginx-common                    1.10.3-1ubuntu3.1
  nginx-core                      1.10.3-1ubuntu3.1
  nginx-extras                    1.10.3-1ubuntu3.1
  nginx-full                      1.10.3-1ubuntu3.1
  nginx-light                     1.10.3-1ubuntu3.1

Ubuntu 16.10:
  nginx-common                    1.10.1-0ubuntu1.3
  nginx-core                      1.10.1-0ubuntu1.3
  nginx-extras                    1.10.1-0ubuntu1.3
  nginx-full                      1.10.1-0ubuntu1.3
  nginx-light                     1.10.1-0ubuntu1.3

Ubuntu 16.04 LTS:
  nginx-common                    1.10.3-0ubuntu0.16.04.2
  nginx-core                      1.10.3-0ubuntu0.16.04.2
  nginx-extras                    1.10.3-0ubuntu0.16.04.2
  nginx-full                      1.10.3-0ubuntu0.16.04.2
  nginx-light                     1.10.3-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
  nginx-common                    1.4.6-1ubuntu3.8
  nginx-core                      1.4.6-1ubuntu3.8
  nginx-extras                    1.4.6-1ubuntu3.8
  nginx-full                      1.4.6-1ubuntu3.8
  nginx-light                     1.4.6-1ubuntu3.8

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3352-1
  CVE-2017-7529

Package Information:
  https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.3
  https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.8

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-3352-1

Ubuntu Security Notice USN-3352-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-3352-1

Share This

Ubuntu Security Notice USN-3352-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems