Debian Security Advisory

DLA-404-1 nginx -- LTS security update

Date Reported:

27 Jan 2016

Affected Packages:

nginx

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 812806.
In Mitre's CVE dictionary: CVE-2016-0742.

More information:

It was discovered that there was a invalid pointer deference in nginx, a small, powerful, scalable web/proxy server. An invalid pointer dereference might occur during DNS server response processing, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash

For Debian 6 Squeeze, this issue has been fixed in nginx version 0.7.67-3+squeeze4+deb6u1.