ALAS-2016-715


Amazon Linux AMI Security Advisory: ALAS-2016-715
Advisory Release Date: 2016-06-15 13:30 Pacific
Severity: Medium
References: CVE-2016-4450 

Issue Overview:

A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.


Affected Packages:

nginx


Issue Correction:
Run yum update nginx to update your system.

New Packages:
i686:
    nginx-debuginfo-1.8.1-3.27.amzn1.i686
    nginx-1.8.1-3.27.amzn1.i686

src:
    nginx-1.8.1-3.27.amzn1.src

x86_64:
    nginx-1.8.1-3.27.amzn1.x86_64
    nginx-debuginfo-1.8.1-3.27.amzn1.x86_64