A news in Ars Technica caught my attention today and it is about a widespread attack on web servers that includes Apache and nginx. My server is nginx therefore, I quickly updated my server to apply 1.4.1 version (my current is 1.4.0).
Here is the security advisory in nginx site. Below are the steps I did when applying updates.
Updating nginx
In Slackware (mine is 14.0), nginx is not shipped as stock software. You get the source code and get a SlackBuild script and build it on your own. My build script and custom configuration is still in the server, therefore, all I have to do is put the latest source code, pass the new version and upgrade the installed nginx package.
Get the SlackBuild script for nginx on SBo.
cd /path/to/build/script wget http://nginx.org/download/nginx-1.4.1.tar.gz VERSION=1.4.1 ./nginx.SlackBuild upgradepkg /tmp/nginx-1.4.1-i486-1_SBo.tgz
Now that we’ve upgraded nginx, we need to check the configurations if it is still intact. If we’ve verified that we are still good with the configuration, restart the nginx server.
/etc/rc.d/rc.nginx restart
Note: My server is a VPS hosting some websites and also servers as staging server.
Always watch out for security advisories out there and secure your servers.