Bug 1302334 - nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7]
Summary: nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7]
Keywords:
Status: ON_QA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nginx
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Jamie Nguyen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
TreeView+ depends on / blocked
 
Reported: 2016-01-27 14:11 UTC by Pim Rupert
Modified: 2017-05-09 08:45 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
Clone Of:
: 1302599 (view as bug list)
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1302337 None CLOSED nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-6] 2019-07-22 15:03:23 UTC

Internal Links: 1302337

Description Pim Rupert 2016-01-27 14:11:21 UTC
Description of problem:
Current version of Nginx 1.6.3 in EPEL is out-dated and contains vulnerabilities.

See: http://nginx.org/en/security_advisories.html

Solution: rebase to Nginx 1.8.1

Comment 1 Jamie Nguyen 2016-01-27 14:43:27 UTC
I pushed nginx-1.6.3-8.el7 yesterday with fixes for these CVEs. Please give karma. The update hasn't actually hit updates-testing yet so you will need to download the builds from koji.

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f17c082f00
http://koji.fedoraproject.org/koji/buildinfo?buildID=713981

Comment 2 Tadej Janež 2017-05-09 08:45:51 UTC
I think this one can be safely closed since nginx 1.10 has been in EPEL 7 since Sep 7, 2016:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b51787d61d


Note You need to log in before you can comment on or make changes to this bug.