NGINX.COM
Web Server Load Balancing with NGINX Plus

On September 24, 2014, a vulnerability was revealed in the Bash shell interpreter. The details are described in CVE-2014-6271. Note that there is a follow‑up vulnerability (CVE-2014-7169) that has not been patched as of this writing.

This bug does not affect the NGINX or NGINX Plus software directly, but if you are running on an affected host system, we recommend that you upgrade the copy of bash on that system as soon as possible.

Please refer to your operating system vendor’s instructions. For your convenience, here are a few links:

NGINX Plus AMIs on AWS

The NGINX Plus Amazon Machine Images (AMIs) (Version 1.3) are built on Amazon Linux or Ubuntu, and suffer from this vulnerability. We’re building and testing updated AMIs, and in the interim you need to run the following commands to manually update the bash package on those AMIs:

  • For Amazon Linux AMIs:

    $ sudo yum update bash
  • For Ubuntu AMIs:

    $ sudo apt-get update
    $ sudo apt-get install bash

Note that new Amazon Linux‑based instances are automatically updated on startup.

Hero image
Are Your Applications Secure?

Learn how to protect your apps with NGINX and NGINX Plus

About The Author

Owen Garrett

Sr. Director, Product Management

Owen is a senior member of the NGINX Product Management team, covering open source and commercial NGINX products. He holds a particular responsibility for microservices and Kubernetes‑centric solutions. He’s constantly amazed by the ingenuity of NGINX users and still learns of new ways to use NGINX with every discussion.

About F5 NGINX

F5, Inc. is the company behind NGINX, the popular open source project. We offer a suite of technologies for developing and delivering modern applications. Together with F5, our combined solution bridges the gap between NetOps and DevOps, with multi-cloud application services that span from code to customer.

Learn more at nginx.com or join the conversation by following @nginx on Twitter.