Opensourcetechブログ

OpensourcetechによるNGINX/Kubernetes/Zabbix/Neo4j/Linuxなどオープンソース技術に関するブログです。

Nginx 1.8.1 & 1.9.10 release !! [CVE-2016-0742, CVE-2016-0746, CVE-2016-0747対応など]

こんにちは、鯨井貴博@opensourcetechです。

 

先日、Nginxのmainline新バージョン 1.9.10、

stable新バージョン1.8.10がリリースされました。

http://nginx.org/

f:id:opensourcetech:20160127092407p:plain

 

更新内容としては、

脆弱性(CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)への対応と、

バグフィックスが主な内容となります。

f:id:opensourcetech:20160127092422p:plain

 

 

1.8.1のupdates(from http://nginx.org/en/CHANGES-1.8)

Changes with nginx 1.8.1                                         26 Jan 2016

    *) Security: invalid pointer dereference might occur during DNS server
       response processing if the "resolver" directive was used, allowing an
       attacker who is able to forge UDP packets from the DNS server to
       cause segmentation fault in a worker process (CVE-2016-0742).

    *) Security: use-after-free condition might occur during CNAME response
       processing if the "resolver" directive was used, allowing an attacker
       who is able to trigger name resolution to cause segmentation fault in
       a worker process, or might have potential other impact
       (CVE-2016-0746).

    *) Security: CNAME resolution was insufficiently limited if the
       "resolver" directive was used, allowing an attacker who is able to
       trigger arbitrary name resolution to cause excessive resource
       consumption in worker processes (CVE-2016-0747).

    *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
       not work if not specified in the first "listen" directive for a
       listen socket.

    *) Bugfix: nginx might fail to start on some old Linux variants; the bug
       had appeared in 1.7.11.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       "try_files" and "alias" directives were used inside a location given
       by a regular expression; the bug had appeared in 1.7.1.

    *) Bugfix: the "try_files" directive inside a nested location given by a
       regular expression worked incorrectly if the "alias" directive was
       used in the outer location.

    *) Bugfix: "header already sent" alerts might appear in logs when using
       cache; the bug had appeared in 1.7.5.

    *) Bugfix: a segmentation fault might occur in a worker process if
       different ssl_session_cache settings were used in different virtual
       servers.

    *) Bugfix: the "expires" directive might not work when using variables.

    *) Bugfix: if nginx was built with the ngx_http_spdy_module it was
       possible to use the SPDY protocol even if the "spdy" parameter of the
       "listen" directive was not specified.


1.9.10のupdates(from http://nginx.org/en/CHANGES)

Changes with nginx 1.9.10                                        26 Jan 2016

    *) Security: invalid pointer dereference might occur during DNS server
       response processing if the "resolver" directive was used, allowing an
       attacker who is able to forge UDP packets from the DNS server to
       cause segmentation fault in a worker process (CVE-2016-0742).

    *) Security: use-after-free condition might occur during CNAME response
       processing if the "resolver" directive was used, allowing an attacker
       who is able to trigger name resolution to cause segmentation fault in
       a worker process, or might have potential other impact
       (CVE-2016-0746).

    *) Security: CNAME resolution was insufficiently limited if the
       "resolver" directive was used, allowing an attacker who is able to
       trigger arbitrary name resolution to cause excessive resource
       consumption in worker processes (CVE-2016-0747).

    *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive.

    *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
       not work with IPv6 listen sockets.

    *) Bugfix: connections to upstream servers might be cached incorrectly
       when using the "keepalive" directive.

    *) Bugfix: proxying used the HTTP method of the original request after
       an "X-Accel-Redirect" redirection.

 

 

 

 

にほんブログ村 IT技術ブログ Linuxへ
Linux

にほんブログ村 IT技術ブログ オープンソースへ
オープンソース

Opensourcetech by Takahiro Kujirai