Nginx Debian vulnerabilities

Cliff Wells cliff at
Thu Aug 12 22:40:12 MSD 2010

On Thu, 2010-08-12 at 17:10 +0200, Mesaya at wrote:
> Are the vulnerabilities listed at fixed in the recent debian lenny packet?
> # nginx -v
> nginx version: nginx/0.6.32
> I've installed nginx through apt-get install nginx, am I vunerable to any of those vulnerabilities?

The vulnerable versions are listed on the page you linked, so you seem
to have answered your own question.

In any case, 0.6.x is old and unsupported and 0.6.32 isn't even the
latest of the old, unsupported releases.   You are certainly vulnerable
to any non-Windows-specific issues.

You should install at least 0.7.x.   



More information about the nginx mailing list