Vulnerability related Doubts in Nginx
Maxim Konovalov
maxim at nginx.com
Tue Mar 22 12:22:48 UTC 2016
On 3/22/16 3:17 PM, Zeal Vora wrote:
> @Maxim :-
>
> Thanks. Actually we compile Nginx so to include additional modules.
> The solution mentioned in Amazon page is " yum update nginx " is
> something which will not help as we will need the tar.gz / SRPM file
> for that version.
>
> @Valentin :-
>
> Thanks, actually we already have 1.8.1 but the reported fix is
> in nginx-1.8.1-1.26 for which I can't find any SRPM / tar.gz file.
>
The nessus report is about the package version. "nginx-1.8.1-1.26"
is something AWS specific, it doesn't come from nginx.org.
If you built your own package or compiled nginx from the nginx.org
sources you are safe with 1.8.1.
--
Maxim Konovalov
More information about the nginx
mailing list