Want to subscribe to topics you're interested in?
Become a Member

Nginx PageSpeed ngx_pagespeed security update release 1.8.31.4-beta

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by RoldanLT, Jun 19, 2014.

  1. RoldanLT

    RoldanLT Well-Known Member

    3,829
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    3:19 AM
    1.11
    10.2
    ngx_pagespeed version 1.8.31.4-beta fixes a major security vulnerability in HTTPS fetching. All versions of ngx_pagespeed since 1.8.31.2-beta are affected. The vulnerability only affects users that have enabled the FetchHttps feature; users that have not explicitly enabled FetchHttps are not affected.

    All users running a vulnerable version of PageSpeed with FetchHttps enabled should update their pagespeed packages.

    A vulnerability was found in the version of OpenSSL used by PageSpeed. CVE-2014-0224 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 ) which allowed a malicious user to perform a man-in-the middle attack on encrypted traffic.

    The previous release of ngx_pagespeed (1.8.31-3-beta) used OpenSSL 1.0.1 and is impacted by CVE-2014-0224. Latest version 1.8.31.4-beta uses a version of OpenSSL in which the vulnerability has been fixed.

    Upgrade instructions:

    Follow the installation instructions here: https://github.com/pagespeed/ngx_pagespeed#readme
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    29,016
    6,584
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,774
    Local Time:
    5:19 AM
    Nginx 1.13.x
    MariaDB 5.5
    Wow nice fine @RoldanLT (y)

    Updated .07 beta 21 Github and 290514 dated zip with new version of ngx_pagespeed 1.8.31-4 beta https://community.centminmod.com/threads/update-ngx_pagespeed-1-8-31-4-beta.511/

    1.8.31.4 release notes https://developers.google.com/speed/pagespeed/module/release_notes

     
    Last edited: Jun 19, 2014