Bugzilla – Bug 1007000
VUL-0: CVE-2016-1247: nginx,nginx-1.0: local privilege escalation via log files
Last modified: 2020-04-23 12:10:36 UTC
From https://www.debian.org/security/2016/dsa-3701

> Dawid Golunski reported the nginx web server packages in Debian suffered from a
> privilege escalation vulnerability (www-data to root) due to the way log files
> are handled. This security update changes ownership of the /var/log/nginx
> directory root. In addition, /var/log/nginx has to be made accessible to local
> users, and local users may be able to read the log files themselves local until
> the next logrotate invocation.

In openSUSE, /var/log/nginx is nginx:nginx 760. We should check in which way this affects our package.

References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1247
- http://www.debian.org/security/2016/dsa-3701
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1247.html
nginx-1.0 is still actively maintained for studio/webyast; this is probably similar to the old logrotate bug 677335 (we probably lack the "su nginx nginx" and "create nginx nginx" directives there, but it needs review).
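The two things the comments above turn on are the ownership and mode of /var/log/nginx and whether the logrotate fragment drops privileges ("su") and recreates logs with an explicit owner ("create"). The script below is an added example, not part of this bug or of the openSUSE nginx package: it writes a constructed hardened fragment and a constructed weak one, audits both for those directives, and checks a log directory's owner/group and write bits. It assumes a Linux system with GNU or busybox `stat -c`; the paths and fragment contents are illustrative.

```shell
#!/bin/sh
# Added example (not from the bug or the package): audit nginx logrotate
# fragments and the log directory for the settings discussed above.

# Constructed sample: the shape of a hardened /etc/logrotate.d/nginx fragment.
write_hardened_fragment() {
    cat > "$1" <<'EOF'
/var/log/nginx/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    su nginx nginx
    create 0640 nginx nginx
    sharedscripts
    postrotate
        [ -f /run/nginx.pid ] && kill -USR1 "$(cat /run/nginx.pid)"
    endscript
}
EOF
}

# Constructed sample: a weak fragment that rotates as root with no su/create.
write_weak_fragment() {
    cat > "$1" <<'EOF'
/var/log/nginx/*.log {
    weekly
    rotate 4
    compress
}
EOF
}

# audit_fragment FILE OWNER GROUP
# Returns 0 only if the fragment both drops privileges with "su OWNER GROUP"
# and recreates logs with "create MODE OWNER GROUP"; returns 1 otherwise.
audit_fragment() {
    f=$1; u=$2; g=$3
    grep -Eq "^[[:space:]]*su[[:space:]]+$u[[:space:]]+$g([[:space:]]|\$)" "$f" || return 1
    grep -Eq "^[[:space:]]*create[[:space:]]+0?[0-7]{3}[[:space:]]+$u[[:space:]]+$g([[:space:]]|\$)" "$f" || return 1
    return 0
}

# check_logdir DIR OWNER GROUP
# Returns 0 if DIR is owned by OWNER:GROUP and has no group/other write bit,
# 1 otherwise. Assumes stat -c (GNU coreutils or busybox).
check_logdir() {
    d=$1; u=$2; g=$3
    owner=$(stat -c '%U' "$d") || return 1
    group=$(stat -c '%G' "$d") || return 1
    perms=$(stat -c '%a' "$d") || return 1
    [ "$owner" = "$u" ] || return 1
    [ "$group" = "$g" ] || return 1
    # Reject if the group or other octal digit carries the write bit (2).
    case "$perms" in
        *[2367][0-7]|*[0-7][2367]) return 1 ;;
    esac
    return 0
}

# Demo against a throwaway directory so the script runs as any user.
demo() {
    t=$(mktemp -d) || return 1
    write_hardened_fragment "$t/nginx.good"
    write_weak_fragment "$t/nginx.bad"
    for f in "$t/nginx.good" "$t/nginx.bad"; do
        if audit_fragment "$f" nginx nginx; then
            echo "OK   $f: su/create present"
        else
            echo "WEAK $f: missing su or create for nginx:nginx"
        fi
    done
    chmod 750 "$t"
    if check_logdir "$t" "$(id -un)" "$(id -gn)"; then
        echo "OK   $t: ownership and mode acceptable"
    fi
    rm -rf "$t"
}
```

Run `demo` to see both fragments evaluated; on a real host, call `audit_fragment /etc/logrotate.d/nginx nginx nginx` and `check_logdir /var/log/nginx nginx nginx` in the same way.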
bugbot adjusting priority
here too: https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
We are not affected by it in any of our current codestreams. Closing.