First Last Prev Next    This bug is not in your last search results.
Bug 982484 - VUL-0: CVE-2016-4450: [nginx] A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file
VUL-0: CVE-2016-4450: [nginx] A specially crafted request might result in wo...
Status: RESOLVED DUPLICATE of bug 982505
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 42.1
All All
: P5 - None : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
CVSSv2:SUSE:CVE-2016-4450:4.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-01 08:17 UTC by Mikhail Kasimov
Modified: 2016-06-07 22:35 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2016-06-01 08:17:34 UTC 
Info from http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html :
=========================
Hello!

A problem was identified in nginx code responsible for saving
client request body to a temporary file.  A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).

The problem affects nginx 1.3.9 - 1.11.0.

The problem is fixed in nginx 1.11.1, 1.10.1.

Patch for nginx 1.9.13 - 1.11.0 can be found here:

http://nginx.org/download/patch.2016.write.txt

Patch for older nginx versions (1.3.9 - 1.9.12):

http://nginx.org/download/patch.2016.write2.txt

-- 
Maxim Dounin
http://nginx.org/
=========================
Comment 1 Marcus Meissner 2016-06-01 09:51:44 UTC 
thanks, dup of 982505

*** This bug has been marked as a duplicate of bug 982505 ***
First Last Prev Next    This bug is not in your last search results.