New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Nginx Security Advisory
http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
Update your nginx binaries!
Comments
nginx -v
nginx version: nginx/1.4.1
Muhahaha...
Dotdeb updating it yesterday.
Thank you, black!
On my Ubuntu 12.04 vps, I see that the Nginx version is 1.1.19 only.
Running
apt-get update
andaptitude safe-upgrade
did not helpAppreciate any help.
If you're getting it from the Ubuntu repos, switch over to DotDeb (http://www.dotdeb.org/about/) or the official nginx mirror. (http://nginx.org/en/linux_packages.html#stable)
Try this: https://news.ycombinator.com/item?id=5668067
Can someone post their /etc/apt/sources.list file for Debian squeeze with nginx 1.4.1?
I think I messed mine up by doing a dist-upgrade, after which, nginx didn't want to start. I got a bunch of dependency issues and it kicked me back to 0.7.67
EDIT: Nevermind, fixed it
@black Mine:
@budingyun
Thanks, I fixed it. Back in the day, I followed this tutorial to install nginx. It said to add the line
to /etc/apt/sources.list
Which is incorrect. The official instructions here are what people should follow. That fixed things for me
Edit: Complete tutorial on how to fix this mishap on Debian Squeeze
Remove
from /etc/apt/sources.list
Add
If you're not using squeeze, refer to install instructions on dotdeb.org
Run:
I hope this helps someone.
From the announcement: The problem affects nginx 1.3.9 - 1.4.0.
@black Thanks for the info
Yepp, 1.1.x, 1.2.x and 1.5.x are safe.
Thank you for making me realize my version is safe. Some time soon I will have to update my nginx as it seems I am running quite an old version.
Quick question: Is it safe to use Dotdeb repository for Ubuntu 12.04 ?
I hope this helps someone.
Wrap yer sudos ffs!
sudo sh -c "apt-get remove -y nginx && apt-get install -y nginx && service nginx restart"
nginx version: nginx/1.0.15
Yawn.
Dotdeb has released 1.4.1 to fix said issue.
If you have debian and want to upgrade to fix said issue then here is the instructions: http://www.dotdeb.org/instructions/ and here is a good mirror that I host.
deb http://cdn.content-network.net/mirror/dotdeb/ stable all
deb-src http://cdn.content-network.net/mirror/dotdeb/ stable all
This mirror is located in the US, but many more can be found here:
http://www.dotdeb.org/mirrors/
Mun <-- Gonna start on the Sig Train.
FreeBSD ports already have both 1.4.1 and 1.5.0 as of yesterday.
Least anyone who stuck around on 1.2 stable are probably feeling good they waited a week or two... (1.3.9-16 was the previous dev branch).
Took a while, but all patched. So many instances