Bug 1302334 - nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7]
nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7]
Status: ON_QA
Product: Fedora EPEL
Classification: Fedora
Component: nginx (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Jamie Nguyen
Fedora Extras Quality Assurance
: Security, SecurityTracking
Depends On:
Blocks: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
  Show dependency treegraph
Reported: 2016-01-27 09:11 EST by Pim Rupert (Lemonbit)
Modified: 2017-05-09 04:45 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
: 1302599 (view as bug list)
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Pim Rupert (Lemonbit) 2016-01-27 09:11:21 EST
Description of problem:
Current version of Nginx 1.6.3 in EPEL is out-dated and contains vulnerabilities.

See: http://nginx.org/en/security_advisories.html

Solution: rebase to Nginx 1.8.1
Comment 1 Jamie Nguyen 2016-01-27 09:43:27 EST
I pushed nginx-1.6.3-8.el7 yesterday with fixes for these CVEs. Please give karma. The update hasn't actually hit updates-testing yet so you will need to download the builds from koji.

Comment 2 Tadej Janež 2017-05-09 04:45:51 EDT
I think this one can be safely closed since nginx 1.10 has been in EPEL 7 since Sep 7, 2016:

Note You need to log in before you can comment on or make changes to this bug.