Vulnerability related Doubts in Nginx
zeal at freecharge.com
Tue Mar 22 12:17:00 UTC 2016
Thanks. Actually we compile Nginx so to include additional modules. The
solution mentioned in Amazon page is " yum update nginx " is something
which will not help as we will need the tar.gz / SRPM file for that version.
Thanks, actually we already have 1.8.1 but the reported fix is
in nginx-1.8.1-1.26 for which I can't find any SRPM / tar.gz file.
On Tue, Mar 22, 2016 at 5:43 PM, Valentin V. Bartenev <vbart at nginx.com>
> On Tuesday 22 March 2016 17:35:19 Zeal Vora wrote:
> > Hi
> > We are running Nginx version 1.8 ( nginx-1.8.1-1.amzn1.ngx.x86_64 ) in
> > servers. So in the Vulnerability Assessment, Nessus gave report that it
> > vulnerable.
> > *Current version :-* nginx-1.8.1-1.amzn1.ngx.x86_64
> > *Fix Version ( According to Nessus ) :-* nginx-1.8.1-1.26.amzn1
> > I don't seem to find the " Fix Version " of Nginx which Nessus suggested.
> > Is there any work around for this ?
> > Is 1.8 the latest stable version which is available or we can move
> > with higher one ?
> > Any help will be appreciated!
> The CVE-2016-0742 that is referenced in the report is fixed in nginx 1.8.1.
> See here for the official information:
> wbr, Valentin V. Bartenev
> nginx mailing list
> nginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx