Vulnerability related Doubts in Nginx

Zeal Vora zeal at freecharge.com
Tue Mar 22 12:17:00 UTC 2016


@Maxim :-

Thanks. Actually, we compile Nginx ourselves so as to include additional
modules. The solution mentioned on the Amazon page, "yum update nginx", is
something which will not help, as we will need the tar.gz / SRPM file for
that version.

@Valentin :-

Thanks. Actually, we already have 1.8.1, but the reported fix is
in nginx-1.8.1-1.26, for which I can't find any SRPM / tar.gz file.



On Tue, Mar 22, 2016 at 5:43 PM, Valentin V. Bartenev <vbart at nginx.com>
wrote:

> On Tuesday 22 March 2016 17:35:19 Zeal Vora wrote:
> > Hi
> >
> > We are running Nginx version 1.8 ( nginx-1.8.1-1.amzn1.ngx.x86_64 ) in our
> > servers. So in the Vulnerability Assessment, Nessus gave report that it is
> > vulnerable.
> >
> > *Current version :-*        nginx-1.8.1-1.amzn1.ngx.x86_64
> >
> > *Fix Version ( According to Nessus ) :-*   nginx-1.8.1-1.26.amzn1
> >
> > I don't seem to find the " Fix Version " of Nginx which Nessus suggested.
> >
> > Is there any work around for this ?
> >
> > Is 1.8 the latest stable version which is available or we can move forward
> > with higher one ?
> >
> >
> > Any help will be appreciated!
>
> The CVE-2016-0742 that is referenced in the report is fixed in nginx 1.8.1.
>
> See here for the official information:
> http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
> http://nginx.org/en/security_advisories.html
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742
>
>   wbr, Valentin V. Bartenev
>
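
The two package strings quoted in this thread, ranked the way an RPM-style version comparison would rank them. This is an added example, not part of the original messages; it assumes the scanner orders packages by RPM version and release segments, and the function names `rpmvercmp`, `split_nvr` and `triage` are illustrative (tilde/caret handling and epochs are left out).

```python
import re

ARCHES = {"x86_64", "i686", "noarch"}  # arch suffixes stripped from package strings

def rpmvercmp(a, b):
    """Segment comparison in the style of RPM's rpmvercmp (no ~ or ^ handling)."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        xnum, ynum = x[0].isdigit(), y[0].isdigit()
        if xnum != ynum:
            return 1 if xnum else -1      # a numeric segment beats an alphabetic one
        if xnum:
            x, y = int(x), int(y)         # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def split_nvr(pkg):
    """'nginx-1.8.1-1.amzn1.ngx.x86_64' -> ('nginx', '1.8.1', '1.amzn1.ngx')."""
    head, _, tail = pkg.rpartition(".")
    if tail in ARCHES:
        pkg = head
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release

def triage(installed, fixed):
    """Say whether a finding comes from the upstream version or only the release tag."""
    _, iv, ir = split_nvr(installed)
    _, fv, fr = split_nvr(fixed)
    vcmp = rpmvercmp(iv, fv)
    if vcmp < 0:
        return "older upstream version"
    if vcmp == 0 and rpmvercmp(ir, fr) < 0:
        return "same upstream version, older release tag"
    return "at or above fixed build"

if __name__ == "__main__":
    # Package strings quoted in the thread.
    print(triage("nginx-1.8.1-1.amzn1.ngx.x86_64", "nginx-1.8.1-1.26.amzn1"))
```

Both packages carry upstream version 1.8.1; the ordering is decided at the second release segment, where `amzn` (alphabetic) ranks below `26` (numeric), so a finding of this kind has to be checked against the upstream advisory for the version actually built.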