9th May 2013
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

"The flaw, now given an identity as CVE-2013-2028, appeared in NGINX 1.3.9, a development branch of the server released in November 2012, and appears to have persisted through development to still be present in April's release of the new stable version. A patch is also available for the flaw, which was found by Greg MacManus of iSIGHT Partners Labs.

The updated versions are available to download from the NGINX site. Given that 1.4.0 has only been available for a few weeks, many sites will likely be running the unaffected older stable branch of NGINX – 1.2 – originally published in April 2012, for which the most recent bug-fix release is version 1.2.8, published at the start of April. This is, however, now deemed a legacy version of NGINX."
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.