Vulnerability related Doubts in Nginx
maxim at nginx.com
Tue Mar 22 12:22:48 UTC 2016
On 3/22/16 3:17 PM, Zeal Vora wrote:
> @Maxim :-
> Thanks. Actually we compile Nginx so to include additional modules.
> The solution mentioned in Amazon page is " yum update nginx " is
> something which will not help as we will need the tar.gz / SRPM file
> for that version.
> @Valentin :-
> Thanks, actually we already have 1.8.1 but the reported fix is
> in nginx-1.8.1-1.26 for which I can't find any SRPM / tar.gz file.
The nessus report is about the package version. "nginx-1.8.1-1.26"
is something AWS specific, it doesn't come from nginx.org.
If you built your own package or compiled nginx from the nginx.org
sources you are safe with 1.8.1.
More information about the nginx