Oval Definition:oval:org.cisecurity:def:1335
Revision Date:2016-12-09Version:6
Title:DSA-3701-2 -- nginx -- security update
Description:Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability (www-data to root) due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, and local users may be able to read the log files themselves local until the next logrotate invocation.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2016-1247
DSA-3701-2
Platform(s):Debian 8
Product(s):nginx
Definition Synopsis
  • Debian 8 is installed
  • AND nginx is earlier than 0:1.6.2-5+deb8u3
  • BACK