@Maxim :- Thanks. Actually we compile Nginx so to include additional modules. The solution mentioned in Amazon page is " yum update nginx " is something which will not help as we will need the tar.gz / SRPM file for that version.
@Valentin :- Thanks, actually we already have 1.8.1 but the reported fix is in nginx-1.8.1-1.26 for which I can't find any SRPM / tar.gz file. On Tue, Mar 22, 2016 at 5:43 PM, Valentin V. Bartenev <vb...@nginx.com> wrote: > On Tuesday 22 March 2016 17:35:19 Zeal Vora wrote: > > Hi > > > > We are running Nginx version 1.8 ( nginx-1.8.1-1.amzn1.ngx.x86_64 ) in > our > > servers. So in the Vulnerability Assessment, Nessus gave report that it > is > > vulnerable. > > > > *Current version :-* nginx-1.8.1-1.amzn1.ngx.x86_64 > > > > *Fix Version ( According to Nessus ) :-* nginx-1.8.1-1.26.amzn1 > > > > I don't seem to find the " Fix Version " of Nginx which Nessus suggested. > > > > Is there any work around for this ? > > > > Is 1.8 the latest stable version which is available or we can move > forward > > with higher one ? > > > > > > Any help will be appreciated! > > The CVE-2016-0742 that is referenced in the report is fixed in nginx 1.8.1. > > See here for the official information: > http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html > http://nginx.org/en/security_advisories.html > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742 > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
