Affected by nginx vulnerability?

**~~ostermmg~~** · 09-21-2009, 10:32 AM

We've come across this vulnerability notice:

US-CERT Vulnerability Note VU#180065 (a.k.a. CVE-2009-2629)

It's our understanding that ZCS uses nginx for its proxy.

Does this vulnerability affect ZCS 5.0.x?

**Matt** · 09-28-2009, 04:06 AM

I would like the answer to this too. I have a feeling the answer is yes because the version reported is 0.5.30 on zcs-NETWORK-5.0.16_GA. Zimbra 6.0.0 seems affected too... nginx 0.5.37. Not sure about 6.0.1 but no mention in the release notes so I would guess yes.

**Matt** · 09-30-2009, 01:11 AM

5.0.19 has a fixed version of nginx. 6.0.2 (unreleased) will fix this too.

Zimbra

Thread: Affected by nginx vulnerability?

LinkBack

Thread Tools

Search Thread

Display

Affected by nginx vulnerability?

Thread Information

Users Browsing this Thread

Similar Threads

logging client IPs when running behind non-Zimbra nginx HTTP proxy

Need help hacking nginx to work with cyrus too

imapsync and nginx

Security Vulnerability Alert

Posting Permissions