When will you release binary RPMs for ondemand-nginx that address:
I realize you did post a source patch some time back.
Hey JP, thanks for letting us know.
Looking at the annoucement it doenst’ look like if affects us. From the announcement, we don’t use the
The issue only affects nginx if the "resolver" directive is used in
the configuration file. Further, the attack is only possible if an
attacker is able to forge UDP packets from the DNS server.
Though, we should be able to patch it soon anyhow. Looks like RHEL patched 1.18, we’ll have to look into how to apply the patch too.
ondemand-nginx RPMs have been pushed to the 1.8 and 2.0 repos.
To update perform the following operation:
yum update ondemand-nginx
dnf update ondemand-nginx
In order to ensure all PUNs are using the patched NGINX it’s recommended to force kill all PUNs:
/opt/ood/nginx_stage/sbin/nginx_stage nginx_clean --force