serious business :donor: /
npub1mw3…2xa3
2025-01-12 02:40:42

tldr; How common is it to find that the software provided by the default Debian apt repo is out of date (maybe dangerously so) and you need to seek out a more secure version by setting apt to grab a different repo?

Long version:

OK, I have a sysadmin situation that I suspect may be fairly common, but it's the first time that I've encountered it because I'm new to all this:

* Host I'm operating is running Debian 12 Bookworm stable
* I updated my apt repo
* I installed nginx web server software from the default Debian apt repo
* Installed version of nginx is 1.22.1
* Shodan monitoring flags nginx 1.22.1 as end of life - (thank you nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqmwkyqxzvuhyxn9f34ellp45wamme067gjhgjjak3gzeua308ppeszpax9v (nprofile…ax9v))
* On investigation, nginx website shows a few known medium and low vulns in that version, and the latest mainline version of nginx is all the way up to 1.27.3 - so my current install is in fact five versions behind and very EOL
* Obviously this is concerning because I don't want my server to get pwned
* nginx offers a way to update apt to point to their repo and pull the latest version (great service, thank you)

#sysadmin #homelab #nginx #debian #linux #infosec #cybersecurity #shodan
Author Public Key
npub1mw3ts8cx3gsnjmpgmetk26ns9u76kkcjg847nny9kp79kxgz506s0m2xa3
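
An added example, not part of the original post: a small shell helper for the situation described above, reporting which apt repo the installed nginx came from and whether any configured repo offers a newer candidate. The function names and the sample `apt-cache policy` output are constructed for illustration.

```shell
#!/bin/sh
# Summarise `apt-cache policy <pkg>` output read from stdin as:
#   <installed> <candidate> <origin-of-installed> <current|upgrade-available>
# On a real host: apt-cache policy nginx | nginx_policy_summary
nginx_policy_summary() {
  awk '
    /^ +Installed:/ { inst = $2 }
    /^ +Candidate:/ { cand = $2 }
    # " *** <version>" marks the installed version in the version table
    /^ \*\*\* /     { cur = 1; next }
    # any other version-table entry (five-space indent) ends that block
    /^     [^ ]/    { cur = 0; next }
    # first repository URL listed under the installed version is its origin
    cur && origin == "" && /^        [0-9]+ https?:/ { origin = $2 }
    END {
      if (origin == "") origin = "local-only"
      state = (inst == cand) ? "current" : "upgrade-available"
      printf "%s %s %s %s\n", inst, cand, origin, state
    }'
}

# Constructed sample: Debian 12 host with the distro nginx installed and a
# second (vendor) repo configured that offers a newer build.
sample_policy() {
  cat <<'EOF'
nginx:
  Installed: 1.22.1-9
  Candidate: 1.27.3-1~bookworm
  Version table:
     1.27.3-1~bookworm 500
        500 http://nginx.org/packages/mainline/debian bookworm/nginx amd64 Packages
 *** 1.22.1-9 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
        100 /var/lib/dpkg/status
EOF
}

sample_policy | nginx_policy_summary
```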