The following flaw was found in the nginx resolver: Invalid pointer dereference might occur during DNS server response processing, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash. This issue affects nginx only if the "resolver" directive is used in a configuration file. The problems are fixed in nginx upstream versions 1.9.10 and 1.8.1. External References: http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html
Created nginx tracking bugs for this issue: Affects: fedora-all [bug 1302592]
Upstream commit: https://trac.nginx.org/nginx/changeset/c36482d0a79fe0f2e1467f80ec2fbcd0a2d682c6/nginx
Bug 1302589 comment 3 as few notes on how nginx resolver is used.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Via RHSA-2016:1425 https://access.redhat.com/errata/RHSA-2016:1425