=========================================================================== Ubuntu Security Notice USN-3114-2 October 27, 2016 nginx regression =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: USN-3114-1 introduced a regression in nginx packaging. Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: nginx-common 1.10.1-0ubuntu1.2 nginx-core 1.10.1-0ubuntu1.2 nginx-extras 1.10.1-0ubuntu1.2 nginx-full 1.10.1-0ubuntu1.2 nginx-light 1.10.1-0ubuntu1.2 Ubuntu 16.04 LTS: nginx-common 1.10.0-0ubuntu0.16.04.4 nginx-core 1.10.0-0ubuntu0.16.04.4 nginx-extras 1.10.0-0ubuntu0.16.04.4 nginx-full 1.10.0-0ubuntu0.16.04.4 nginx-light 1.10.0-0ubuntu0.16.04.4 Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.7 nginx-core 1.4.6-1ubuntu3.7 nginx-extras 1.4.6-1ubuntu3.7 nginx-full 1.4.6-1ubuntu3.7 nginx-light 1.4.6-1ubuntu3.7 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3114-2 http://www.ubuntu.com/usn/usn-3114-1 https://launchpad.net/bugs/1637058 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.10.1-0ubuntu1.2 https://launchpad.net/ubuntu/+source/nginx/1.10.0-0ubuntu0.16.04.4 https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.7