[SAC] [abuse #31856] CISA Security issues with OSGEO hosts
Lance Albertson via RT
abuse at osuosl.org
Wed Oct 27 13:51:55 PDT 2021
On Mon Oct 18 15:48:52 2021, lr at pcorp.us wrote:
> Okay will take a look at these later this week.
> Weird I thought upgrading nginx on Ubuntu to 1.18 would do the trick.
> Guess the goal post has moved to 1.20.
Unfortunately yes. I'd assume the packages from Ubuntu include the fix as long
you update them.
> Osgeo3 is running nginx on debian and though it is an older nginx, it looked
> like Debian had patched these for lower versions.
> But I'll upgrade that to latest.
Excellent.
> Osgeo6.osgeo.osuosl.org -- sslabs says the cert is fine - says A+ for
> https://osgeo6.osgeo.osuosl.org You think this is just a false positive
> because of issues with LetsEncrypt old root cert or is it complaining about a
> different cert?
Yeah, I think their testing system must be using an outdated ca-cert. I was
going to ask that so you can probably ignore it for now.
Any updates on getting these updates in the past week? The report from a few
days ago still shows the nginx issue.
Thanks-
--
Lance Albertson
Director
Oregon State University | Open Source Lab
More information about the Sac
mailing list