Nginx Debian vulnerabilities

Cliff Wells cliff at develix.com
Thu Aug 12 22:40:12 MSD 2010


On Thu, 2010-08-12 at 17:10 +0200, Mesaya at gmx.de wrote:
> Are the vulnerabilities listed at http://nginx.org/en/security_advisories.html fixed in the recent debian lenny packet?
> 
> # nginx -v
> nginx version: nginx/0.6.32
> 
> I've installed nginx through apt-get install nginx, am I vunerable to any of those vulnerabilities?

The vulnerable versions are listed on the page you linked, so you seem
to have answered your own question.

In any case, 0.6.x is old and unsupported and 0.6.32 isn't even the
latest of the old, unsupported releases.   You are certainly vulnerable
to any non-Windows-specific issues.

You should install at least 0.7.x.   

Cliff

-- 




More information about the nginx mailing list