
Beta Branch backport PHP 7.4.25 security fixes to PHP 5.6, 7.0, 7.1, 7.2, 7.3 in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Oct 22, 2021.

  1. eva2000

    eva2000 Administrator Staff Member

    backport PHP 7.4.25 security fixes to PHP 5.6, 7.0, 7.1, 7.2, 7.3 in 123.09beta01


    - backport PHP 7.4.25 and 8.0.12 security fixes to EOL PHP 5.6.40, 7.0.33, 7.1.33, 7.2.34 and 7.3.31 specific versions for PHP bug #81026 https://bugs.php.net/bug.php?id=81026 (CVE-2021-21703)
    - this security bug is specific to PHP-FPM usage, so applies to Centmin Mod and any other PHP-FPM using servers. The PHP-FPM security bug allows folks who have access to your server or local code on server to force the root FPM process to read/write at arbitrary locations using pointers located in the SHM shared memory, leading to a privilege escalation from www-data to root (non-CentminMod) or from nginx to root user (Centmin Mod)
    - existing Centmin Mod 123.09beta01 users need to run cmupdate command to update local server code with available patches and then re-run centmin.sh menu option 5 to recompile your PHP versions to PHP 5.6.40, 7.0.33, 7.1.33, 7.2.34 and 7.3.31 specific versions if you are using those version branches. Or ideally, update to PHP 7.4.25 or PHP 8.0.12 or higher from current stable releases IF your web apps support it.


    123.09beta01 branch
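
As an added example (not part of the original post and not Centmin Mod code), this POSIX shell script sorts a PHP version number into the cases the post describes for PHP bug #81026 (CVE-2021-21703). The function names and result labels are made up for the example, and treating branches newer than 8.0 as fixed is an assumption based on the post's "or higher".

```shell
#!/bin/sh
# Added example, not Centmin Mod code. Triage a PHP version against the
# releases named in the post for PHP bug #81026 (CVE-2021-21703).
# Result labels (fixed, upgrade, recompile, eol-older, unknown) are made up here.
# Usage: sh triage.sh 7.3.31

# Pull "7.3.31" out of the first line of `php-fpm -v` output, e.g.
# "PHP 7.3.31 (fpm-fcgi) (built: sample)" (constructed sample line).
version_from_banner() {
  printf '%s\n' "$1" | sed -n '1s/^PHP \([0-9][0-9.]*\).*/\1/p'
}

classify_php_version() {
  ver=${1%%[!0-9.]*}                      # drop suffixes such as "-dev"
  case $ver in
    [0-9]*.[0-9]*.[0-9]*) ;;
    *) echo unknown; return 0 ;;
  esac
  major=${ver%%.*}; rest=${ver#*.}
  minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*}
  case "$major.$minor" in
    # EOL branches: the backport targets exactly one release per branch.
    5.6) target=40 ;;
    7.0|7.1) target=33 ;;
    7.2) target=34 ;;
    7.3) target=31 ;;
    # Supported branches: first upstream release named as carrying the fix.
    7.4) [ "$patch" -ge 25 ] && echo fixed || echo upgrade; return 0 ;;
    8.0) [ "$patch" -ge 12 ] && echo fixed || echo upgrade; return 0 ;;
    *)
      # Assumption: branches newer than 8.0 count as "or higher".
      if [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -gt 0 ]; }; then
        echo fixed
      else
        echo unknown
      fi
      return 0 ;;
  esac
  # A version number alone does not prove the backport was compiled in, so
  # "recompile" means: confirm PHP was rebuilt after cmupdate.
  if [ "$patch" -eq "$target" ]; then echo recompile; else echo eol-older; fi
}

if [ "$#" -gt 0 ]; then classify_php_version "$1"; fi
```

A result of `eol-older` means the branch is one of the EOL branches but the installed release is not the one the backport is written for.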