Vulnerability related Doubts in Nginx

Maxim Konovalov maxim at nginx.com
Tue Mar 22 12:22:48 UTC 2016


On 3/22/16 3:17 PM, Zeal Vora wrote:
> @Maxim :-
> 
> Thanks. Actually we compile Nginx so to include additional modules.
> The solution mentioned in Amazon page is " yum update nginx " is
> something which will not help as we will need the tar.gz / SRPM file
> for that version.
> 
> @Valentin :-
> 
> Thanks, actually we already have 1.8.1 but the reported fix is
> in nginx-1.8.1-1.26 for which I can't find any SRPM / tar.gz file.
> 
The nessus report is about the package version. "nginx-1.8.1-1.26"
is something AWS specific, it doesn't come from nginx.org.

If you built your own package or compiled nginx from the nginx.org
sources you are safe with 1.8.1.

-- 
Maxim Konovalov



More information about the nginx mailing list