| Bug ID | 982484 |
|---|---|
| Summary | VUL-0: CVE-2016-4450: [nginx] A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.1 |
| Hardware | All |
| OS | All |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Info from http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html : ========================= Hello! A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450). The problem affects nginx 1.3.9 - 1.11.0. The problem is fixed in nginx 1.11.1, 1.10.1. Patch for nginx 1.9.13 - 1.11.0 can be found here: http://nginx.org/download/patch.2016.write.txt Patch for older nginx versions (1.3.9 - 1.9.12): http://nginx.org/download/patch.2016.write2.txt -- Maxim Dounin http://nginx.org/ =========================