http://bugzilla.opensuse.org/show_bug.cgi?id=982484 Bug ID: 982484 Summary: VUL-0: CVE-2016-4450: [nginx] A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: All OS: All Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Info from http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html : ========================= Hello! A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450). The problem affects nginx 1.3.9 - 1.11.0. The problem is fixed in nginx 1.11.1, 1.10.1. Patch for nginx 1.9.13 - 1.11.0 can be found here: http://nginx.org/download/patch.2016.write.txt Patch for older nginx versions (1.3.9 - 1.9.12): http://nginx.org/download/patch.2016.write2.txt -- Maxim Dounin http://nginx.org/ ========================= -- You are receiving this mail because: You are on the CC list for the bug.