A patch to fix VU#180065 vulnerability in 0.1.0-0.8.14. The patch is not required for versions 0.8.16+, 0.7.62+, 0.6.39+, 0.5.38+.
nginx has a security vulnerability that affects versions 0.1.0-0.8.14, except 0.8.16+, 0.7.62+, 0.6.39+, 0.5.38+.

wget http://sysoev.ru/nginx/nginx-0.7.62.tar.gz
tar zxvf nginx-0.7.62.tar.gz
cd nginx-0.7.62

Turn off debug mode to reduce the size of nginx

vi auto/cc/gcc
# Jump to the last few lines with Shift+G
# Comment out this line:
#CFLAGS="$CFLAGS -g"

Disguise the header

vi src/core/nginx.h
#define NGINX_VERSION "1.2"
#define NGINX_VER "C1GWS/" NGINX_VERSION

Compile

./configure --user=www --group=website --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module
make
# No need to run make install

Back up the original file

mv /opt/nginx/sbin/nginx /opt/nginx/sbin/nginx.old

Copy the new file

cp objs/nginx /opt/nginx/sbin/nginx

Check the configuration file

/opt/nginx/sbin/nginx -t

If your configuration file is from 0.6.x, there will be 2 errors

[warn]: the "optimize_server_names" directive is deprecated, use the "server_name_in_redirect" directive instead in /opt/nginx/conf/nginx.conf:36
[emerg]: "server_name_in_redirect" directive is duplicate in /opt/nginx/conf/nginx.conf:37
configuration file /opt/nginx/conf/nginx.conf test failed
[warn]: duplicate MIME type "text/html" in /opt/nginx/conf/nginx.conf:63
the configuration file /opt/nginx/conf/nginx.conf syntax is ok
configuration file /opt/nginx/conf/nginx.conf test is successful

Remove server_name_in_redirect and text/html from nginx.conf

optimize_server_names off;
server_name_in_redirect off;
gzip_types text/plain application/x-javascript text/css application/xml;

Rename the pid file and start the new binary
# The ` key is at the top left of the keyboard

kill -USR2 `cat /dev/shm/nginx.pid`

Quit the old nginx

kill -QUIT `cat /dev/shm/nginx.pid.oldbin`

Upgrade complete!

curl -I localhost
HTTP/1.1 200 OK
Server: C1GWS/1.2
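
The config test, USR2 and QUIT steps above can be chained so that the old master is only retired once the new one is confirmed running. This is an added example, not part of the original post; the function names, return codes and the 10 second timeout are assumptions, and the paths in the usage comment are the ones used on this page.

```sh
#!/bin/sh
# Added example (not from the original post): guarded in-place binary upgrade.
# Function names, return codes and the default timeout are assumptions.

# True when the given PID is non-empty and refers to a live process.
pid_alive() { [ -n "$1" ] && kill -0 "$1" 2>/dev/null; }

# upgrade_nginx_binary NGINX_BIN PIDFILE [TIMEOUT_SECONDS]
# Returns: 0 upgraded
#          1 new master never appeared (old master left running)
#          2 config test failed (no signal sent)
#          3 no live master found via PIDFILE
upgrade_nginx_binary() {
    ub_bin=$1; ub_pidfile=$2; ub_timeout=${3:-10}

    # The new binary must accept the existing config before anything is signalled.
    "$ub_bin" -t || return 2

    # Locate the running (old) master.
    ub_old=$(cat "$ub_pidfile" 2>/dev/null) || return 3
    pid_alive "$ub_old" || return 3

    # USR2: the old master renames its pid file to .oldbin and starts the new binary.
    kill -USR2 "$ub_old" || return 3

    # Wait until a different, live PID shows up in the pid file.
    ub_i=0
    while [ "$ub_i" -lt "$ub_timeout" ]; do
        if [ -f "$ub_pidfile.oldbin" ] && [ -f "$ub_pidfile" ]; then
            ub_new=$(cat "$ub_pidfile")
            if [ "$ub_new" != "$ub_old" ] && pid_alive "$ub_new"; then
                # Only now ask the old master to shut down gracefully.
                kill -QUIT "$(cat "$ub_pidfile.oldbin")"
                return 0
            fi
        fi
        sleep 1
        ub_i=$((ub_i + 1))
    done

    # Timed out: QUIT was never sent, so the old master is still serving.
    return 1
}

# Usage with this page's paths:
#   upgrade_nginx_binary /opt/nginx/sbin/nginx /dev/shm/nginx.pid 10
```

On return code 1 the old binary is still in charge, so the backup made earlier (nginx.old) can be moved back before investigating.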