Engine Yard - Rails Hosting

Security Vulnerability in Nginx: Patch & Upgrades Available

By Michael Mullany | September 14th, 2009 at 11:09AM

Today, nginx released new versions (0.6.39, 0.7.62, 0.8.15) and a patch to fix a remote execution security vulnerability in all versions of nginx.  Attackers exploiting this vulnerability can execute arbitrary code within the rights of the nginx worker process or cause a denial of service by repeatedly crashing the process.

All instances created in the last week on Engine Yard Cloud already include a patch for this vulnerability. Older instances can apply this fix by simply performing a redeploy. Engine Yard customers have been contacted by email and private cloud customers should coordinate with support to schedule an appropriate maintenance window for upgrade.

Share this post:
  • email
  • Digg
  • del.icio.us
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati
  • Twitter
  • Google Bookmarks
  • Facebook
  • LinkedIn
Popularity: 6% |
Rate this post: 1 Star2 Stars3 Stars4 Stars5 Stars
Loading ... Loading ...

Related Posts:

This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

2 Responses to “Security Vulnerability in Nginx: Patch & Upgrades Available”

  1. Paul Campbell Paul Campbell says:
    September 14, 2009 at 8:42 pm

    Phew! I just deployed 0.6.38 today, thinking I was nice and up to date. Hard to keep up.

    Reply
  2. Noam Noam says:
    October 20, 2009 at 12:46 pm

    a basic article, but still is good to read and learn- how to eliminate website vulnerabilities – http://bit.ly/4-Steps-to-Eliminate-Security-Vulne...

    Reply

Leave a Reply