| Package | nginx |
|---|---|
| Version | 1.6.2-5+deb8u9 |
| Related CVEs | CVE-2017-20005 |
Jamie Landeg-Jones and Manfred Paul discovered a buffer overflow vulnerability in NGINX, a small, powerful, scalable web/proxy server.
NGINX has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
For Debian 8 jessie, these problems have been fixed in version 1.6.2-5+deb8u9.
We recommend that you upgrade your nginx packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.