Nginx 1.0.15 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix a buffer overflow in the ngx_http_mp4_module:
- Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley.
- Bugfix: in the ngx_http_mp4_module.
Upgrading is recommended if you’re using the nginx-extras packages.
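A way to check a host against the advisory above, as an added example (not part of the original post or of Dotdeb's packaging): a shell function that reads `nginx -V` output and reports whether a 1.0.x build predates 1.0.15 and was compiled with `--with-http_mp4_module`. The sample strings are constructed, and branches other than 1.0.x are reported as `unknown` because the post does not cover them.

```shell
#!/bin/sh
# Classify `nginx -V` output against the mp4 module fix shipped in 1.0.15.
# Prints: fixed | exposed | module-absent | unknown
mp4_exposure() {
    info=$1
    # Version line, with or without a leading "nginx: " prefix.
    ver=$(printf '%s\n' "$info" |
        sed -n 's|.*nginx version: nginx/\([0-9][0-9.]*\).*|\1|p' | head -n 1)
    case $ver in
        1.0.*) patch=${ver#1.0.} ;;
        *) echo unknown; return 0 ;;   # other branches: not covered by the post
    esac
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$patch" -ge 15 ]; then
        echo fixed
        return 0
    fi
    # Older 1.0.x: only builds that compiled the module in are affected.
    case $info in
        *--with-http_mp4_module*) echo exposed ;;
        *) echo module-absent ;;
    esac
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD_EXTRAS='nginx: nginx version: nginx/1.0.14
nginx: configure arguments: --prefix=/etc/nginx --with-http_mp4_module --with-http_ssl_module'
SAMPLE_OLD_LIGHT='nginx version: nginx/1.0.14
configure arguments: --prefix=/etc/nginx --with-http_ssl_module'
SAMPLE_NEW_EXTRAS='nginx version: nginx/1.0.15
configure arguments: --prefix=/etc/nginx --with-http_mp4_module'

# On a real host, nginx -V writes to stderr.
if command -v nginx >/dev/null 2>&1; then
    mp4_exposure "$(nginx -V 2>&1)"
fi
```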
8 replies on “Security : Nginx 1.0.15”
let’s go to recompile (add naxsi in nginx-extras).
Thanks
Thanks for dotdeb!
I’m running ruby 1.9.3p0 on debian squeeze through bearstech.com packages (http://deb.bearstech.com/squeeze/ruby-1.9.3/) and I’d like to know if nginx-passenger works with this installation of ruby (or does it use the default 1.9.1 version)?
@raphaël : I’ve never tried. But I don’t think you could install both ruby-passenger from Dotdeb and ruby 1.9.3p0 from Bearstech, because ruby-passenger has a dependency on libruby1.9.1.
Please tell me if you manage to get them working together.
I’m not a package/debian expert but bearstech seems to “override” ruby 1.9.1 with 1.9.3 so the system thinks it’s still using the standard 1.9.1 package. I’ve installed nginx-passenger and ruby is still at 1.9.3p0.
However, if I set passenger_root to /usr, passenger fails with:
[ASYNC BUG] thread_timer: select
EBADF
ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux]
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
Somehow my /etc/init.d/nginx file got wiped out and is empty. I don’t know if it was during the upgrade, or something I did just after the upgrade (probably), but now I can’t get Nginx to start or respond.
Could anyone post or tell me where I can find the contents for /etc/init.d/nginx, please?
I found it here. All fixed! https://github.com/gplessis/dotdeb-nginx/blob/master/debian/nginx-common.init.d
How to recompile nginx from dotdeb? I’m sorry, I’m really a noob
Thanks
@Kht : basically, it’s :