|
|
Subscribe / Log in / New account

nginx: privilege escalation

Package(s):nginx CVE #(s):CVE-2016-1247
Created:October 26, 2016 Updated:January 16, 2017
Description: From the Debian advisory:

Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability (www-data to root) due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, and local users may be able to read the log files themselves local until the next logrotate invocation.

Alerts:
Ubuntu USN-3114-2 nginx 2016-10-27
Debian DSA-3701-2 nginx 2016-10-28
Ubuntu USN-3114-1 nginx 2016-10-25
Debian DSA-3701-1 nginx 2016-10-25
Arch Linux ASA-201701-24 nginx-mainline 2017-01-15
Arch Linux ASA-201701-23 nginx 2017-01-15
Gentoo 201701-22 nginx 2017-01-11
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds