Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges.
{ "binaries": [ { "binary_name": "nginx", "binary_version": "1.4.6-1ubuntu3.6" }, { "binary_name": "nginx-common", "binary_version": "1.4.6-1ubuntu3.6" }, { "binary_name": "nginx-core", "binary_version": "1.4.6-1ubuntu3.6" }, { "binary_name": "nginx-extras", "binary_version": "1.4.6-1ubuntu3.6" }, { "binary_name": "nginx-full", "binary_version": "1.4.6-1ubuntu3.6" }, { "binary_name": "nginx-light", "binary_version": "1.4.6-1ubuntu3.6" }, { "binary_name": "nginx-naxsi", "binary_version": "1.4.6-1ubuntu3.6" }, { "binary_name": "nginx-naxsi-ui", "binary_version": "1.4.6-1ubuntu3.6" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "nginx", "binary_version": "1.10.0-0ubuntu0.16.04.3" }, { "binary_name": "nginx-common", "binary_version": "1.10.0-0ubuntu0.16.04.3" }, { "binary_name": "nginx-core", "binary_version": "1.10.0-0ubuntu0.16.04.3" }, { "binary_name": "nginx-extras", "binary_version": "1.10.0-0ubuntu0.16.04.3" }, { "binary_name": "nginx-full", "binary_version": "1.10.0-0ubuntu0.16.04.3" }, { "binary_name": "nginx-light", "binary_version": "1.10.0-0ubuntu0.16.04.3" } ], "availability": "No subscription required" }