[CentOS] PHP FPM issue
Thomas Stephen Lee
lee.iitb at gmail.com
Thu Oct 31 16:55:49 UTC 2019
Hi Marius,
Will make the changes and see how it goes.
On the other hand
https://cbs.centos.org/koji/buildinfo?buildID=27138
if the above was released we could just install and migrate to
rh-php73-php, which is not affected as per
https://access.redhat.com/security/cve/cve-2019-11043
thanks
---
Thomas Stephen Lee
On Thu, Oct 31, 2019 at 8:40 PM Marius ROMAN <marius at roman.systems> wrote:
> On 10/31/19 10:49 AM, Thomas Stephen Lee wrote:
> > Hi,
> >
> > what is the workaround for this?
> >
> > https://www.nginx.com/blog/php-fpm-cve-2019-11043-vulnerability-nginx/
> >
> > in either CentOS 7 or 8 ?
> >
> > thanks
> >
> > ---
> > Thomas Stephen Lee
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
>
> The simplest is to conditionally set PATH_INFO if it's not empty:
>
> fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
>
> Another option is to explicitly test whether the fastcgi script path
> exists :
>
> if (!-f $document_root$fastcgi_script_name) {
> return 404;
> }
>
> --
> Marius
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
More information about the CentOS
mailing list