[CentOS] PHP vulnerability CVE-2016-4073
Прокси
proxy-one at mail.ruWed Sep 21 12:46:51 UTC 2016
- Previous message: [CentOS] PHP vulnerability CVE-2016-4073
- Next message: [CentOS] CentOS-6.8 PCI Hwdr issue?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2016-Sep-21 14:45, Eero Volotinen wrote: > https://pci.qualys.com/static/help/merchant/questionnaires/compensating_controls_definition.htm > > Eero Well, I was hoping to get some ideas for compensating controls in this case. Anyhow, I just added mb_strcut() to disable_functions. I'll be able to live without it. > 2016-09-21 14:02 GMT+03:00 Прокси <proxy-one at mail.ru>: > > > Hello, > > > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > > them are fixed/patched or have some kind of workaround. But I can't find > > a way to fix this one. Red Hat state: under investigation. > > > > https://access.redhat.com/security/cve/cve-2016-4073 > > > > This CVE is 6 months old, and it doesn't look like it will be fixed. > > Does anyone knows the way to go around this? Except blocking mb_strcut() > > function. > > > > Thanks! > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
- Previous message: [CentOS] PHP vulnerability CVE-2016-4073
- Next message: [CentOS] CentOS-6.8 PCI Hwdr issue?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list