[GLSA-201606-06] nginx: Multiple vulnerabilities

Severity Normal

Affected Packages 1

Unaffected Packages 1

CVEs 6

Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.

Background
nginx is a robust, small, and high performance HTTP and reverse proxy
server.

Description
Multiple vulnerabilities have been discovered in nginx. Please review
the CVE identifiers referenced below for details.

Impact
A remote attacker could possibly cause a Denial of Service condition via
a crafted packet.

Workaround
There is no known workaround at this time.

Resolution
All nginx users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"

Package	Affected Version
pkg:ebuild/www-servers/nginx?distro=gentoo	< 1.10.1

Package	Unaffected Version
pkg:ebuild/www-servers/nginx?distro=gentoo	>= 1.10.1

ID

GLSA-201606-06

Severity

normal

URL

https://security.gentoo.org/glsa/201606-06

Published

2016-06-17T00:00:00
(8 years ago)

Modified

2016-06-17T00:00:00
(8 years ago)

Rights

Gentoo Foundation, Inc.

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2013-3587	CVE-2013-3587	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587
CVE	CVE-2016-0742	CVE-2016-0742	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742
CVE	CVE-2016-0746	CVE-2016-0746	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746
CVE	CVE-2016-0747	CVE-2016-0747	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747
CVE	CVE-2016-4450	CVE-2016-4450	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
CVE	CVE-2016-4450	CVE-2016-4450	https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
Bugzilla	560854	Bugzilla #560854	https://bugs.gentoo.org/show_bug.cgi?id=560854
Bugzilla	573046	Bugzilla #573046	https://bugs.gentoo.org/show_bug.cgi?id=573046
Bugzilla	584744	Bugzilla #584744	https://bugs.gentoo.org/show_bug.cgi?id=584744

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:ebuild/www-servers/nginx?distro=gentoo	www-servers	nginx	< 1.10.1	gentoo
Unaffected	pkg:ebuild/www-servers/nginx?distro=gentoo	www-servers	nginx	>= 1.10.1	gentoo

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date