Bug 1302334 - nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7]
Summary: nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nginx
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Felix Kaechele
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
TreeView+ depends on / blocked
 
Reported: 2016-01-27 14:11 UTC by Pim Rupert
Modified: 2020-05-18 14:12 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
Clone Of:
: 1302599 (view as bug list)
Environment:
Last Closed: 2020-01-24 19:37:57 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1302337 0 unspecified CLOSED nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-6] 2021-02-22 00:41:40 UTC

Internal Links: 1302337

Description Pim Rupert 2016-01-27 14:11:21 UTC 
Description of problem:
Current version of Nginx 1.6.3 in EPEL is out-dated and contains vulnerabilities.

See: http://nginx.org/en/security_advisories.html

Solution: rebase to Nginx 1.8.1
Comment 1 Jamie Nguyen 2016-01-27 14:43:27 UTC 
I pushed nginx-1.6.3-8.el7 yesterday with fixes for these CVEs. Please give karma. The update hasn't actually hit updates-testing yet so you will need to download the builds from koji.

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f17c082f00
http://koji.fedoraproject.org/koji/buildinfo?buildID=713981
Comment 2 Tadej Janež 2017-05-09 08:45:51 UTC 
I think this one can be safely closed since nginx 1.10 has been in EPEL 7 since Sep 7, 2016:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b51787d61d
Note You need to log in before you can comment on or make changes to this bug.