[atomic] Nginx 1.4.7 with mod_security support

Atomic repository announcements, new release notifications and other news regarding the atomic yum repository.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

[atomic] Nginx 1.4.7 with mod_security support

Unread post by scott »

Changelog
* Add support for mod_security on EL5 (rhel, centos, cloudlinux)

* Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.

* Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.

To upgrade:

yum upgrade nginx

To install:

yum install nginx
Post Reply