Severity

Medium

Vendor

Nginx, Canonical Ubuntu

Versions Affected

• BOSH-release versions prior to 255.11

Description

It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

Mitigation

Users of affected versions should apply the following mitigation:

• For BOSH-only deployments, upgrade BOSH-release to version 255.11

References

• [1] http://bosh.io
• [2] http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4450.html