Today, nginx released new versions (0.6.39, 0.7.62, 0.8.15) and a patch to fix a remote execution security vulnerability in all versions of nginx. Attackers exploiting this vulnerability can execute arbitrary code within the rights of the nginx worker process or cause a denial of service by repeatedly crashing the process.
All instances created in the last week on Engine Yard Cloud already include a patch for this vulnerability. Older instances can apply this fix by simply performing a redeploy. Engine Yard customers have been contacted by email and private cloud customers should coordinate with support to schedule an appropriate maintenance window for upgrade.