Slackware nginx update – 1.4.1 – security fix

A news in Ars Technica caught my attention today and it is about a widespread attack on web servers that includes Apache and nginx. My server is nginx therefore, I quickly updated my server to apply 1.4.1 version (my current is 1.4.0).

Here is the security advisory in nginx site. Below are the steps I did when applying updates.

Updating nginx

In Slackware (mine is 14.0), nginx is not shipped as stock software. You get the source code and get a SlackBuild script and build it on your own. My build script and custom configuration is still in the server, therefore, all I have to do is put the latest source code, pass the new version and upgrade the installed nginx package.

Get the SlackBuild script for nginx on SBo.

cd /path/to/build/script
wget http://nginx.org/download/nginx-1.4.1.tar.gz
VERSION=1.4.1 ./nginx.SlackBuild 
upgradepkg /tmp/nginx-1.4.1-i486-1_SBo.tgz

Now that we’ve upgraded nginx, we need to check the configurations if it is still intact. If we’ve verified that we are still good with the configuration, restart the nginx server.

/etc/rc.d/rc.nginx restart

Note: My server is a VPS hosting some websites and also servers as staging server.

Always watch out for security advisories out there and secure your servers.

This entry was posted in Linux and tagged , , , . Bookmark the permalink.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *