Opened 8 years ago
Closed 8 years ago
#50454 closed update (fixed)
nginx @1.9.9_0: update to 1.9.10
| Reported by: | Schamschula (Marius Schamschula) | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.3.4 |
| Keywords: | haspatch maintainer | Cc: | neverpanic (Clemens Lang) |
| Port: | nginx |
Description
nginx has been updated to version 1.9.10. New this version:
- Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742).
- Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746).
- Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747).
- Feature: the "auto" parameter of the "worker_cpu_affinity" directive.
- Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work with IPv6 listen sockets.
- Bugfix: connections to upstream servers might be cached incorrectly when using the "keepalive" directive.
- Bugfix: proxying used the HTTP method of the original request after an "X-Accel-Redirect" redirection.
Attachments (1)
Change History (2)
Changed 8 years ago by Schamschula (Marius Schamschula)
| Attachment: | Portfile-nginx.diff added |
|---|
comment:1 Changed 8 years ago by neverpanic (Clemens Lang)
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
r145174, thanks.