[CentOS] PHP vulnerability CVE-2016-4073

Adrian Sevcenco Adrian.Sevcenco at cern.ch
Wed Sep 21 11:35:23 UTC 2016


On 09/21/2016 02:02 PM, Прокси wrote:
> Hello,
> 
> My server with CentOS 6.8 just failed PCI scan, so I'm looking into
> vulnerable packages. PHP 5.3.3 has multiple vulnerabilities, some of
> them are fixed/patched or have some kind of workaround. But I can't find
> a way to fix this one. Red Hat state: under investigation.
> 
> https://access.redhat.com/security/cve/cve-2016-4073
> 
> This CVE is 6 months old, and it doesn't look like it will be fixed.
> Does anyone know a way to get around this? Except blocking the
> mb_strcut() function.
You could try the unsupported PHP from the remi repos... you can find PHP 7.0 there.

HTH,
Adrian
