Get the most out of your Centmin Mod LEMP stack
Become a Member

Nginx [nginx-announce] nginx-1.8.1

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jan 27, 2016.

Tags:
  1. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    8:05 AM
    Nginx 1.13.x
    MariaDB 5.5
    Changes with nginx 1.8.1 26 Jan 2016

    *) Security: invalid pointer dereference might occur during DNS server
    response processing if the "resolver" directive was used, allowing an
    attacker who is able to forge UDP packets from the DNS server to
    cause segmentation fault in a worker process (CVE-2016-0742).

    *) Security: use-after-free condition might occur during CNAME response
    processing if the "resolver" directive was used, allowing an attacker
    who is able to trigger name resolution to cause segmentation fault in
    a worker process, or might have potential other impact
    (CVE-2016-0746).

    *) Security: CNAME resolution was insufficiently limited if the
    "resolver" directive was used, allowing an attacker who is able to
    trigger arbitrary name resolution to cause excessive resource
    consumption in worker processes (CVE-2016-0747).

    *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
    not work if not specified in the first "listen" directive for a
    listen socket.

    *) Bugfix: nginx might fail to start on some old Linux variants; the bug
    had appeared in 1.7.11.

    *) Bugfix: a segmentation fault might occur in a worker process if the
    "try_files" and "alias" directives were used inside a location given
    by a regular expression; the bug had appeared in 1.7.1.

    *) Bugfix: the "try_files" directive inside a nested location given by a
    regular expression worked incorrectly if the "alias" directive was
    used in the outer location.

    *) Bugfix: "header already sent" alerts might appear in logs when using
    cache; the bug had appeared in 1.7.5.

    *) Bugfix: a segmentation fault might occur in a worker process if
    different ssl_session_cache settings were used in different virtual
    servers.

    *) Bugfix: the "expires" directive might not work when using variables.

    *) Bugfix: if nginx was built with the ngx_http_spdy_module it was
    possible to use the SPDY protocol even if the "spdy" parameter of the
    "listen" directive was not specified.


    --
    Maxim Dounin
    http://nginx.org/

    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce

    Continue reading...