Graylog Appliance - Nginx Out of Date (and filled with vulns)

Hi Everyone,

I am running the Graylog Ubuntu20.04 appliance (fully patched).

We recently ran nessus against it, and have a number of CVE’s coming up. I ran a apt-get update and apt-get upgrade, and re-ran the scan but the vulnerabilities still show.

The version of Nginx installed is 1.14.0. If I query the ubuntu 20.04 repos form a different box, the nginx version available is 1.18.0.

Can someone provide me a way to get that set of packages updated?



Oh my…

I am so incredibly stupid.

I was assuming the OS version was 20.04, but it is NOT. I guess that explains things.

Ubuntu 18.04 latest version is 1.14.0 (which is of course what it is running).

Nessus is showing us a false positive (ubuntu security documentation page says it is patched in this version)

Sorry for the waste of time!

You found the solution though - mark it as an answer in case someone searches for the same question - it may help jostle them to a solution! :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.