Opened 11 years ago
Closed 11 years ago
#535 closed defect (invalid)
Windows Distribution Vulnerable Due to OpenSSL Bug
| Reported by: | Aaron Riesbeck | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-package | Version: | 1.5.x |
| Keywords: | vulnerability | Cc: | |
| uname -a: | N/A (Windows) | ||
| nginx -V: |
nginx version: nginx/1.5.13
TLS SNI support enabled configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= - -conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access .log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fast cgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsg i-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv c8/lib/pcre-8.34 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --wi th-http_realip_module --with-http_addition_module --with-http_sub_module --with- http_dav_module --with-http_stub_status_module --with-http_flv_module --with-htt p_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-htt p_auth_request_module --with-http_random_index_module --with-http_secure_link_mo dule --with-mail --with-openssl=objs.msvc8/lib/openssl-1.0.1g --with-openssl-opt =enable-tlsext --with-http_ssl_module --with-mail_ssl_module --with-ipv6 |
||
Description
Due to the major security vulnerability in OpenSSL the windows binary offered on the nginx.org website needs to have its version of OpenSSL updated. The current release (1.5.13) from 4/8 is using OpenSSL 1.0.1g which is vulnerable.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
Thanks,
Aaron
Note:
See TracTickets
for help on using tickets.
openssl 1.0.1g is not vulnerable (to this bug at least).