Description of problem: Current version of Nginx 1.6.3 in EPEL is out-dated and contains vulnerabilities. See: http://nginx.org/en/security_advisories.html Solution: rebase to Nginx 1.8.1
I pushed nginx-1.6.3-8.el7 yesterday with fixes for these CVEs. Please give karma. The update hasn't actually hit updates-testing yet so you will need to download the builds from koji. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f17c082f00 http://koji.fedoraproject.org/koji/buildinfo?buildID=713981
I think this one can be safely closed since nginx 1.10 has been in EPEL 7 since Sep 7, 2016: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b51787d61d