[BlueOnyx:22480] 5209R: Nginx security related update

Michael Stauber mstauber at blueonyx.it
Mon Nov 12 13:43:15 -05 2018

Hi all,

We just released an updated Nginx (1.14.1) for BlueOnyx 5209R, which
addresses various security issues.

BlueOnyx 5209R did included Nginx (1.13.9) as optional HTTPS-proxy.
Recently it was discovered that this version of Nginx had multiple
vulnerabilities in HTTP/2  (CVE-2018-16843, CVE-2018-16844) and as a
result upstream had released nginx-1.14.1 stable and nginx-1.15.6 mainline.

We just rolled up a slightly modified nginx-1.14.1 for BlueOnyx 5209R
that addresses our HTTPS-proxy needs and released it to the BlueOnyx
5209R yum repositories.

Just run a "yum update" and you should be good to go.

With best regards

Michael Stauber

More information about the Blueonyx mailing list