nginx security advisory (CVE-2013-2028)

[B.R.]

I would add to Patrick answer the following:

- 1.1.19 is a development version. IMHO it is always better to prefer
stable in production environments. 1.2.8 or 1.4.1 depending on your
needs/requirements.
- Check the changes from 1.2 or 1.4 <http://nginx.org/en/download.html> to
decide what is better for you (there are only few security alerts, most of
entries are bugfixes)
- Consider using nginx packages
<http://nginx.org/en/linux_packages.html>(available for Ubuntu), which
will keep you nginx updates to the most
recent version of your choice (stable or 'mainline' which I suppose is
development? or maybe old-stable 1.2.8?) via aptitude


Hope that'll help
---
*B. R.*


On Wed, May 8, 2013 at 10:42 AM, Patrik Kernstock <info at pkern.at> wrote:

> Hello,
>
> the security leak is only affected in nginx 1.3.9 and 1.4.0. So just find
> out which version is currently in the ubuntu repository and decide if you
> can update or not.
>
> Kind regards,
> Patrik
>
> -----Ursprüngliche Nachricht-----
> Von: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] Im Auftrag
> von
> jonas
> Gesendet: Mittwoch, 08. Mai 2013 16:36
> An: nginx at nginx.org
> Betreff: Re: nginx security advisory (CVE-2013-2028)
>
> Hello,
>
> I use nginx 1.1.19, latest version from ubuntu repository.
> Anyone knows if Is it secure to use the latest verison from ubuntu
> repository?
>
> thanks
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,238946,239015#msg-239015
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130508/16189b44/attachment.html>