Want to subscribe to topics you're interested in?
Become a Member

PHP Discuss HTTPoxy Security Vulnerability CVE-2016-5385

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jul 19, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    54,328
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    8:22 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Would be at server level for php-fpm that's most relevant though ?

     
  2. arlon

    arlon Member

    95
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    5:22 AM
    1.13.6
    10.1
    how to check that my server has been patched?
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,328
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    8:22 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    If you updated to PHP 5.5.38, 5.6.24 or 7.0.9 it also has native HTTPoxy fix via centmin.sh menu option 5 update.

    or
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,328
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    8:22 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Note PHP has also been updated with native HTTPoxy fixes in


    centmin.sh menu option 5 can be used to update your PHP versions by specifying the version number you want when prompted i.e. = 5.6.24

    For folks curious of specific HTTPoxy fix commits Fix for HTTP_PROXY issue. · php/php-src@98b9dfa · GitHub
     
    Last edited: Jul 23, 2016