AVG-139

Package nginx-mainline
Status Fixed
Severity High
Type privilege escalation
Affected 1.11.8-1
Fixed 1.11.8-2
Current 1.15.0-1 [community]
Ticket FS#52547
Created Sat Jan 14 16:47:25 2017
Issue Severity Remote Type Description
CVE-2016-1247 High No Privilege escalation
A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append...
Date Advisory Package Description
15 Jan 2017 ASA-201701-24 nginx-mainline privilege escalation
References
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html