Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx PageSpeed ngx_pagespeed security update release

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by rdan, Jun 19, 2014.

  1. rdan

    rdan Well-Known Member

    May 25, 2014
    Local Time:
    11:51 PM
    ngx_pagespeed version fixes a major security vulnerability in HTTPS fetching. All versions of ngx_pagespeed since are affected. The vulnerability only affects users that have enabled the FetchHttps feature; users that have not explicitly enabled FetchHttps are not affected.

    All users running a vulnerable version of PageSpeed with FetchHttps enabled should update their pagespeed packages.

    A vulnerability was found in the version of OpenSSL used by PageSpeed. CVE-2014-0224 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 ) which allowed a malicious user to perform a man-in-the middle attack on encrypted traffic.

    The previous release of ngx_pagespeed (1.8.31-3-beta) used OpenSSL 1.0.1 and is impacted by CVE-2014-0224. Latest version uses a version of OpenSSL in which the vulnerability has been fixed.

    Upgrade instructions:

    Follow the installation instructions here: https://github.com/pagespeed/ngx_pagespeed#readme
  2. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Local Time:
    1:51 AM
    Nginx 1.25.x
    MariaDB 10.x
    Wow nice fine @RoldanLT (y)

    Updated .07 beta 21 Github and 290514 dated zip with new version of ngx_pagespeed 1.8.31-4 beta https://community.centminmod.com/threads/update-ngx_pagespeed-1-8-31-4-beta.511/ release notes https://developers.google.com/speed/pagespeed/module/release_notes

    Last edited: Jun 19, 2014