nginx-common - small, powerful, scalable web/proxy server - common files

Property Value
Distribution Ubuntu 16.04 LTS (Xenial Xerus)
Repository Ubuntu Updates Main i386
Package filename nginx-common_1.10.3-0ubuntu0.16.04.4_all.deb
Package name nginx-common
Package version 1.10.3
Package release 0ubuntu0.16.04.4
Package architecture all
Package type deb
Category httpd
License -
Maintainer Ubuntu Developers <>
Download size 26.30 KB
Installed size 166.00 KB
Nginx ("engine X") is a high-performance web and reverse proxy server
created by Igor Sysoev. It can be used both as a standalone web server
and as a proxy to reduce the load on back-end HTTP or mail servers.
This package contains base configuration files used by all versions of


Package Version Architecture Repository
nginx-common_1.10.3-0ubuntu0.16.04.4_all.deb 1.10.3 all Ubuntu Updates Main
nginx-common_1.9.15-0ubuntu1_all.deb 1.9.15 all Ubuntu Main
nginx-common_1.9.15-0ubuntu1_all.deb 1.9.15 all Ubuntu Main
nginx-common - - -


Name Value
debconf >= 0.5
debconf-2.0 -
init-system-helpers >= 1.18~
lsb-base >= 4.1+Debian11ubuntu7


Name Value
nginx << 0.8.54-4
nginx-extras << 0.8.54-4
nginx-full << 0.8.54-4
nginx-light << 0.8.54-4


Type URL
Binary Package nginx-common_1.10.3-0ubuntu0.16.04.4_all.deb
Source Package nginx

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install nginx-common deb package:
    # sudo apt-get install nginx-common




2019-08-14 - Marc Deslauriers <>
nginx (1.10.3-0ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Data Dribble issue
- debian/patches/CVE-2019-9511.patch: limited number of DATA frames in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h,
- CVE-2019-9511
* SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
- debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames
in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2019-9513
* SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
- debian/patches/CVE-2019-9516.patch: reject zero length headers with
PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
- CVE-2019-9516
2018-11-06 - Marc Deslauriers <>
nginx (1.10.3-0ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: excessive memory consumption in HTTP/2 implementation
- debian/patches/CVE-2018-16843.patch: add flood detection in
src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16843
* SECURITY UPDATE: excessive CPU usage in HTTP/2 implementation
- debian/patches/CVE-2018-16844-pre.patch: backport new
http2_max_requests directive.
- debian/patches/CVE-2018-16844.patch: limit the number of idle state
switches in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
- CVE-2018-16844
* SECURITY UPDATE: infinite loop in ngx_http_mp4_module
- debian/patches/CVE-2018-16845.patch: fixed reading 64-bit atoms in
- CVE-2018-16845
2017-07-12 - Steve Beattie <>
nginx (1.10.3-0ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in range filter leading to
information exposure
- debian/patches/CVE-2017-7529.patch: add check to ensure size does
not overflow
- CVE-2017-7529
2017-02-11 - Thomas Ward <>
nginx (1.10.3-0ubuntu0.16.04.1) xenial; urgency=medium
* Stable Release Update (LP: #1663937)
* New upstream release (1.10.3) - full changelog available at upstream
website -
* All Ubuntu specific changes from 1.10.0-0ubuntu1 through
1.10.0-0ubuntu0.16.04.4 remain included.
* Additional changes:
* debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.
* debian/patches/cve-2016-4450.patch: Drop CVE patch as it is already
included in the upstream source code in this upload.
2016-10-27 - Marc Deslauriers <>
nginx (1.10.0-0ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY REGRESSION: config upgrade failure (LP: #1637058)
- debian/nginx-common.config: fix return code so script doesn't exit.
2016-10-18 - Marc Deslauriers <>
nginx (1.10.0-0ubuntu0.16.04.3) xenial-security; urgency=medium
[ Christos Trochalakis ]
* debian/nginx-common.postinst:
+ Secure log file handling (owner & permissions) against privilege
escalation attacks. /var/log/nginx is now owned by root:adm.
Thanks Dawid Golunski ( for the report.
Changing /var/log/nginx permissions effectively reopens #701112,
since log files can be world-readable. This is a trade-off until
a better log opening solution is implemented upstream (trac:376).
* debian/control:
Don't allow building against liblua5.1-0-dev on architectures
that libluajit is available.
2016-05-31 - Thomas Ward <>
nginx (1.10.0-0ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference while writing client request
body (LP: #1587577)
- debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
- CVE-2016-4450

See Also

Package Description
nginx-core_1.10.3-0ubuntu0.16.04.4_i386.deb nginx web/proxy server (core version)
nginx-doc_1.10.3-0ubuntu0.16.04.4_all.deb small, powerful, scalable web/proxy server - documentation
nginx_1.10.3-0ubuntu0.16.04.4_all.deb small, powerful, scalable web/proxy server
nova-api_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - API frontend
nova-cert_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - certificate management
nova-common_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - common files
nova-compute-kvm_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - compute node (KVM)
nova-compute-libvirt_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - compute node libvirt support
nova-compute-lxc_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - compute node (LXC)
nova-compute-lxd_13.3.0-0ubuntu2_all.deb Openstack Compute - LXD container hypervisor support
nova-compute_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - compute node base
nova-doc_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - documentation
nova-network_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - Network manager
nova-scheduler_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - virtual machine scheduler
nova-volume_13.1.4-0ubuntu4.5_all.deb OpenStack Compute - storage