On Tuesday 22 March 2016 17:35:19 Zeal Vora wrote: > Hi > > We are running Nginx version 1.8 ( nginx-1.8.1-1.amzn1.ngx.x86_64 ) in our > servers. So in the Vulnerability Assessment, Nessus gave report that it is > vulnerable. > > *Current version :-* nginx-1.8.1-1.amzn1.ngx.x86_64 > > *Fix Version ( According to Nessus ) :-* nginx-1.8.1-1.26.amzn1 > > I don't seem to find the " Fix Version " of Nginx which Nessus suggested. > > Is there any work around for this ? > > Is 1.8 the latest stable version which is available or we can move forward > with higher one ? > > > Any help will be appreciated!
The CVE-2016-0742 that is referenced in the report is fixed in nginx 1.8.1. See here for the official information: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://nginx.org/en/security_advisories.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742 wbr, Valentin V. Bartenev _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
