Re: PHP FPM issue

https://access.redhat.com/errata/RHSA-2019:3286

Looks like Red Hat is updating PHP 5 packages.


thanks

---
Thomas Stephen Lee

On Fri, Nov 1, 2019 at 5:08 AM Marius ROMAN <marius@roman.systems> wrote:

> On 10/31/19 6:55 PM, Thomas Stephen Lee wrote:
>
> Hi Marius,
>
> Will make the changes and see how it goes.
>
> On the other hand
> https://cbs.centos.org/koji/buildinfo?buildID=27138
>
> if the above was released we could just install and migrate to
> rh-php73-php, which is not affected as per
> https://access.redhat.com/security/cve/cve-2019-11043
>
> thanks
>
> ---
> Thomas Stephen Lee
>
> On Thu, Oct 31, 2019 at 8:40 PM Marius ROMAN <marius@roman.systems> wrote:
>
>
> On 10/31/19 10:49 AM, Thomas Stephen Lee wrote:
>
> Hi,
>
> what is the workaround for this?
> https://www.nginx.com/blog/php-fpm-cve-2019-11043-vulnerability-nginx/
>
> in either CentOS 7 or 8 ?
>
> thanks
>
> ---
> Thomas Stephen Lee
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
> The simplest is to conditionally set PATH_INFO if it's not empty:
>
> fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
>
> Another option is to explicitly test whether the fastcgi script path
> exists:
>
> if (!-f $document_root$fastcgi_script_name) {
>     return 404;
> }
>
> --
> Marius
>
> Interesting, the Red Hat page says "7.3.x below 7.3.11"; now looking at
> https://cbs.centos.org/koji/buildinfo?buildID=27138 it has
> php-7.3.7-2.el7, which means it is affected.
>
> --
> Marius
>
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
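
An added example, not part of the thread or any poster's code: a small Python check that scans nginx configuration text for `location` blocks that set `PATH_INFO` without either of the two guards Marius describes above (the `if_not_empty` flag or the `-f` existence test). The sample config is constructed, the function names are hypothetical, and the brace matching assumes no `{`, `}` or `#` characters inside regexes or strings.

```python
import re

# Constructed sample: /a is unguarded, /b and /c use the two guards from the thread.
SAMPLE = r"""
location ~ ^/a/.+\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass 127.0.0.1:9000;
}
location ~ ^/b/.+\.php(/|$) {
    fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
    fastcgi_pass 127.0.0.1:9000;
}
location ~ ^/c/.+\.php(/|$) {
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass 127.0.0.1:9000;
}
"""

LOCATION = re.compile(r"\blocation\s+([^{;]+?)\s*\{")
PATH_INFO = re.compile(r"fastcgi_param\s+PATH_INFO\s+([^;]*);")
FILE_TEST = re.compile(r"if\s*\(\s*!-f\s+\$document_root\$fastcgi_script_name\s*\)")

def block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def unguarded_locations(conf):
    """List location patterns that set PATH_INFO with neither guard present."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching
    findings = []
    for m in LOCATION.finditer(conf):
        body = block_body(conf, m.end() - 1)
        params = PATH_INFO.findall(body)
        flagged = all("if_not_empty" in p.split() for p in params)
        if params and not flagged and not FILE_TEST.search(body):
            findings.append(m.group(1).strip())
    return findings

if __name__ == "__main__":
    print(unguarded_locations(SAMPLE))
```

Guards other than the two named in the thread are not recognised, so a block protected some other way is still reported and needs a manual look.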


