[CentOS] PHP vulnerability CVE-2016-4073

Wed Sep 21 12:46:51 UTC 2016
Прокси <proxy-one at mail.ru>

On 2016-Sep-21 14:45, Eero Volotinen wrote:
> https://pci.qualys.com/static/help/merchant/questionnaires/compensating_controls_definition.htm
> 
> Eero

Well, I was hoping to get some ideas for compensating controls in this
case. Anyhow, I just added mb_strcut() to disable_functions. I'll be
able to live without it.

 
> 2016-09-21 14:02 GMT+03:00 Прокси <proxy-one at mail.ru>:
> 
> > Hello,
> >
> > My server with CentOS 6.8 just failed PCI scan, so I'm looking into
> > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of
> > them are fixed/patched or have some kind of workaround. But I can't find
> > a way to fix this one. Red Hat state: under investigation.
> >
> > https://access.redhat.com/security/cve/cve-2016-4073
> >
> > This CVE is 6 months old, and it doesn't look like it will be fixed.
> > Does anyone knows the way to go around this? Except blocking mb_strcut()
> > function.
> >
> > Thanks!
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos