8 thoughts on - PHP FPM Issue
https://access.redhat.com/security/cve/cve-2019-11043
The simplest is to conditionally set PATH_INFO if it’s not empty:
fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
Another option is to explicitly test whether the fastcgi script path exists:
if (!-f $document_root$fastcgi_script_name) {
    return 404;
}
—
Marius
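An added example, not part of the original thread: a small Python audit that flags nginx `location` blocks which pass to PHP-FPM with `fastcgi_split_path_info` but carry neither of the two mitigations quoted above. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): one unmitigated block,
# then one block per mitigation quoted above.
SAMPLE_CONF = r"""
location ~ [^/]\.php(/|$) {               # no mitigation
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass 127.0.0.1:9000;
}
location ~ ^/app/.+\.php(/|$) {           # PATH_INFO set only if not empty
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
    fastcgi_pass 127.0.0.1:9000;
}
location ~ ^/admin/.+\.php(/|$) {         # script existence check
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass 127.0.0.1:9000;
}
"""

# Assumption: "include" files are not followed; only the block text is checked.
GUARDED = re.compile(r"fastcgi_param\s+PATH_INFO\s+\S+\s+if_not_empty\s*;")
FILE_CHECK = re.compile(
    r"if\s*\(\s*!-f\s+\$document_root\$fastcgi_script_name\s*\)\s*\{\s*return\s+404\s*;")

def location_blocks(conf):
    """Yield (matcher, body) for each location block, using brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # naive comment strip
    for m in re.finditer(r"\blocation\s+([^{;]+)\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).strip(), conf[m.end():i - 1]

def audit(conf):
    """Return matchers of PHP-FPM locations lacking both mitigations."""
    flagged = []
    for matcher, body in location_blocks(conf):
        if "fastcgi_pass" not in body or "fastcgi_split_path_info" not in body:
            continue
        if not (GUARDED.search(body) or FILE_CHECK.search(body)):
            flagged.append(matcher)
    return flagged
```

Running `audit()` over the text of each site config gives a quick list of blocks to fix while waiting for patched PHP packages.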
Hi Marius,
Will make the changes and see how it goes.
Interesting, the RedHat page says “7.3.x below 7.3.11”; now looking at https://cbs.CentOS.org/koji/buildinfo?buildID=138 it has
php-7.3.7-2.el7, which means it is affected.
https://access.redhat.com/errata/RHSA-2019:3286
Looks like RedHat is updating PHP 5 packages.
thanks
–
Yes, those who use software collections will have to wait longer for a permanent fix, I guess.
thanks
–
Or it may arrive sooner, depending on the repo maintainer for each package. I use a COPR package of BackupPC 4 and the packager typically has a new package rolled a day after an upstream release.
RedHat has updated rh-php71-php and rh-php72-php.
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3299
thanks
–