[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3701-2 nginx -- nginx

ID: oval:org.secpod.oval:def:602655Date: (C)2016-11-04   (M)2023-12-20
Class: PATCHFamily: unix




The update for nginx issued as DSA-3701-1 to address CVE-2016-1247 introduced a packaging issue, which prevents nginx from being reinstalled or upgraded to a subsequent release. Updated packages are now available to address this problem. For reference, the original advisory text follows. Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, and local users may be able to read the log files themselves local until the next logrotate invocation.

Platform:
Debian 8.x
Product:
nginx
Reference:
DSA-3701-2
CVE-2016-1247
CVE    1
CVE-2016-1247
CPE    2
cpe:/a:nginx:nginx
cpe:/o:debian:debian_linux:8.x

© SecPod Technologies