Nginx Security Update For All Nginx installations upto version 1.4.0

Greg MacManus, of iSIGHT Partners Labs, found a security problem
in several recent versions of nginx. A stack-based buffer
overflow might occur in a worker process while handling a
specially crafted request, potentially resulting in arbitrary code
execution (CVE-2013-2028).

The problem affects nginx 1.3.9 – 1.4.0.

The problem is fixed in nginx 1.5.0, 1.4.1.

Patch for the problem can be found here:

As a temporary workaround the following configuration

can be used in each server{} block

    if ($http_transfer_encoding ~* chunked) {
        return 444;

Update Your cPnginx :

For updating the cPnginx run the following commands,

# /scripts/installnginx --version=1.4.1

Update Your Danginx :

For updating the Danginx please run the following command,

# /usr/local/directadmin/scripts/installnginx --version=1.4.1