Vulnerability related Doubts in Nginx
Valentin V. Bartenev
vbart at nginx.com
Tue Mar 22 12:13:22 UTC 2016
On Tuesday 22 March 2016 17:35:19 Zeal Vora wrote:
> Hi
>
> We are running Nginx version 1.8 ( nginx-1.8.1-1.amzn1.ngx.x86_64 ) in our
> servers. So in the Vulnerability Assessment, Nessus gave report that it is
> vulnerable.
>
> *Current version :-* nginx-1.8.1-1.amzn1.ngx.x86_64
>
> *Fix Version ( According to Nessus ) :-* nginx-1.8.1-1.26.amzn1
>
> I don't seem to find the " Fix Version " of Nginx which Nessus suggested.
>
> Is there any work around for this ?
>
> Is 1.8 the latest stable version which is available or we can move forward
> with higher one ?
>
>
> Any help will be appreciated!
The CVE-2016-0742 that is referenced in the report is fixed in nginx 1.8.1.
See here for the official information:
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
http://nginx.org/en/security_advisories.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742
wbr, Valentin V. Bartenev
More information about the nginx
mailing list