On 09/21/2016 02:02 PM, Прокси wrote: > Hello, > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > them are fixed/patched or have some kind of workaround. But I can't find > a way to fix this one. Red Hat state: under investigation. > > https://access.redhat.com/security/cve/cve-2016-4073 > > This CVE is 6 months old, and it doesn't look like it will be fixed. > Does anyone knows the way to go around this? Except blocking mb_strcut() > function. you could try the unsupported php from remi repos... you can find there php 7.0 .. HTH, Adrian
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
