
Security Centmin Mod Nginx 1.15.6 Security Updates

Discussion in 'Centmin Mod News' started by eva2000, Nov 7, 2018.

Thread Status:
Not open for further replies.
  1. eva2000

    Nginx 1.15.6 has been released with security bug fix updates for nginx security advisory (CVE-2018-16843, CVE-2018-16844, CVE-2018-16845) outlined at Nginx - [nginx-announce] nginx-1.15.6. It is recommended you update your Centmin Mod install and then run centmin.sh menu option 4 and upgrade to Nginx version number 1.15.6 when asked which version to update to.

    Updating Centmin Mod



    Getting Started Guide step 19 also outlines how to keep Centmin Mod code updated or how to switch version branches, or you can run the cmupdate command that was recently added.

    Centmin Mod LEMP stack's script code is constantly updated for improvements, bug fixes and security fixes, so keeping the Centmin Mod code up to date is important. With Centmin Mod 1.2.3-eva2000.08 (123.08stable) and higher releases, a newly added centmin.sh menu option 23 allows much easier code updates and version branch switching via a Git-backed environment you can set up.

    For 123.08stable that means centmin.sh menu option 23 submenu option 2 (if you previously ran submenu option 1) first, then exit centmin.sh, re-enter /usr/local/src/centminmod and re-run centmin.sh menu.

    For 123.09beta01 and higher that means running the SSH command cmupdate, then re-entering /usr/local/src/centminmod and re-running the centmin.sh menu.

    Example of using the 123.09beta01 cmupdate command to update Centmin Mod code on your server where only a small recent update was missing
    Code (Text):
    cmupdate
    No local changes to save
    Updating 5f92047..9d06ee8
    Fast-forward
     stackscripts/stackscript.sh | 11 ++++++++---
     1 file changed, 8 insertions(+), 3 deletions(-)
    

    Compared to a 123.09beta01 install where there was a longer duration between previous cmupdate runs, so more updated code was reported
    Code (Text):
    cmupdate
    No local changes to save
    Updating 27dcf78..0b5bf30
    Fast-forward
     addons/ffmpeg.sh                                   |    2 +-
     centmin.sh                                         |   35 +-
     config/nginx/conf.d/virtual.conf                   |    2 +-
     config/nginx/log_format_brotli.conf                |   13 +
     config/nginx/nginx.conf                            |  104 +-
     example/custom_config.inc                          |   14 +-
     inc/brotli.inc                                     |    4 +-
     inc/compress.inc                                   |  148 +-
     inc/cpcheck.inc                                    |   17 +-
     inc/downloadlinks.inc                              |    4 +
     inc/downloads.inc                                  |   36 +-
     inc/luajit.inc                                     |    7 +-
     inc/mainmenu_cli.inc                               |    5 +-
     inc/mod_security.inc                               |    3 +-
     inc/nginx_configure.inc                            |   50 +-
     inc/nginx_install.inc                              |    2 +-
     inc/nginx_patch.inc                                |   24 +
     inc/nginx_upgrade.inc                              |    8 +-
     inc/openssl_install.inc                            |  150 +-
     inc/siegeinstall.inc                               |    1 +
     inc/tcp.inc                                        |    6 +
     inc/wpsetup-fastcgi-cache.inc                      | 3293 ++++++++++++++++++++
     inc/wpsetup.inc                                    |   18 +-
     .../nginx-1.15.5-fix-max-protocol-version.patch    |   27 +
     ...L-1.1.1-ECDSA-signature-gen-CVE-2018-0735.patch |   24 +
     .../openssl/OpenSSL-1.1.1-fix-ocsp-memleak.patch   |   38 +
     ...1-fix-tls13-s-server-unknown-psk-identity.patch |   34 +
     .../openssl/OpenSSL-1.1.1-safer-mem-cleanup.patch  |   75 +
     patches/openssl/openssl-1.1.1-tls13_draft.patch    |  227 ++
     stackscripts/stackscript.sh                        |   11 +-
     tools/auditd.sh                                    |   28 +-
     tools/nginx-binary-backup.sh                       |   15 +-
     32 files changed, 4279 insertions(+), 146 deletions(-)
     create mode 100644 config/nginx/log_format_brotli.conf
     create mode 100644 inc/wpsetup-fastcgi-cache.inc
     create mode 100644 patches/nginx/nginx-1.15.5-fix-max-protocol-version.patch
     create mode 100644 patches/openssl/OpenSSL-1.1.1-ECDSA-signature-gen-CVE-2018-0735.patch
     create mode 100644 patches/openssl/OpenSSL-1.1.1-fix-ocsp-memleak.patch
     create mode 100644 patches/openssl/OpenSSL-1.1.1-fix-tls13-s-server-unknown-psk-identity.patch
     create mode 100644 patches/openssl/OpenSSL-1.1.1-safer-mem-cleanup.patch
     create mode 100644 patches/openssl/openssl-1.1.1-tls13_draft.patch
    


    For full details read the following links:
    Upgrading Centmin Mod involves 2 parts.
    1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod. This is the heart of Centmin Mod, where the code is the engine that runs the centmin.sh shell-based menu and all the automation you're accustomed to. You can easily update within a Centmin Mod version branch or switch version branches via centmin.sh menu option 23 outlined here.
    2. Upgrading the software that Centmin Mod installed or manages. For this part, follow the outline at How to upgrade Centmin Mod software installed on your server.

    Updating Nginx



    After Centmin Mod is updated, run centmin.sh menu option 4 to update to Nginx 1.15.6

    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com  
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the
    YUM install check to speed up upgrade time.
    
     [y/n]: n
    **********************************************************************
    * Nginx Update script - Included in Centmin Extras
    * Version: 123.09beta01.b068 - Date: 31/10/2018 - Copyright 2011-2018 CentminMod.com
    **********************************************************************
    
    This software comes with no warranty of any kind. You are free to use
    it for both personal and commercial use as licensed under the GPL.
    

    Code (Text):
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Install which version of Nginx? (version i.e. type 1.15.5): 1.15.6
    


     
  2. eva2000

    example updated Nginx 1.15.6
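
A post-upgrade check for the procedure in this thread, added here as an example and not part of the original posts or of Centmin Mod: it parses the `nginx -v` banner and compares it field by field against 1.15.6, the version the announcement says carries the fixes. The function names are hypothetical and the sample banners in the comments are constructed.

```shell
#!/bin/sh
# Version named in the announcement as fixing CVE-2018-16843/16844/16845.
FIXED_VERSION="1.15.6"

# Pull "1.15.6" out of a banner such as "nginx version: nginx/1.15.6".
parse_nginx_version() {
    printf '%s\n' "$1" |
        sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*|\1|p'
}

# version_ge A B: succeed when dotted version A >= B, comparing each
# field as a number so that 1.15.10 sorts above 1.15.6.
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}
        fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# Print "ok <ver>", "outdated <ver>" or "unknown" for a banner string.
check_banner() {
    v=$(parse_nginx_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "ok $v"
    else
        echo "outdated $v"
    fi
}

# nginx -v writes its banner to stderr; skip quietly if nginx is absent.
if command -v nginx >/dev/null 2>&1; then
    check_banner "$(nginx -v 2>&1)"
fi
```

`nginx -v` reports the binary on disk, so a master process started before the upgrade keeps running the old code until nginx is restarted.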
     