
PHP Security May 2019: Security Backported Fixes For EOL PHP 5.6.40 & PHP 7.0.33

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, May 28, 2019.

  1. eva2000

    Updated 123.09beta01 to backport some security fixes into EOL PHP 5.6.40 and PHP 7.0.33: Beta Branch - backport PHP 7.1.30 security fixes into EOL PHP 5.6.40 & 7.0.33 in 123.09beta01. If you're still using PHP 5.6.40 or PHP 7.0.33, you'd want to update and recompile those PHP versions after you've updated 123.09beta01.

    - PHP Sec Bug #77967: Bypassing open_basedir restrictions via file uris
    - PHP Sec Bug #77988: heap-buffer-overflow on php_jpg_get16
    - PHP Sec Bug #78069: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow

    For Centmin Mod 123.09beta01 and newer, first update to the latest version code via SSH command = cmupdate (equivalent to the centmin.sh menu option 23 submenu option 2 method). Then run centmin.sh menu option 5 to update to either PHP version 5.6.40 or 7.0.33. The upcoming PHP versions 7.1.30, 7.2.19 and 7.3.6 will already have those security fixes.

    Example output from cmupdate SSH command run:
    Code (Text):
    cmupdate
    No local changes to save
    remote: Enumerating objects: 13, done.
    remote: Counting objects: 100% (13/13), done.
    remote: Compressing objects: 100% (10/10), done.
    remote: Total 13 (delta 3), reused 7 (delta 3), pack-reused 0
    Unpacking objects: 100% (13/13), done.
    From https://github.com/centminmod/centminmod
       74db98e..333187c  123.09beta01 -> origin/123.09beta01
       53ff6b1..74db98e  master     -> origin/master
    Updating 74db98e..333187c
    Fast-forward
     centmin.sh                      |  2 +-
     inc/php_patch.inc               | 35 ++++++++++++++++++++++++++++++++++-
     patches/php/php5640-77967.patch | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     patches/php/php5640-77988.patch | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     patches/php/php5640-78069.patch | 36 ++++++++++++++++++++++++++++++++++++
     patches/php/php7033-77967.patch | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     patches/php/php7033-77988.patch | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     patches/php/php7033-78069.patch | 36 ++++++++++++++++++++++++++++++++++++
     8 files changed, 353 insertions(+), 2 deletions(-)
     create mode 100644 patches/php/php5640-77967.patch
     create mode 100644 patches/php/php5640-77988.patch
     create mode 100644 patches/php/php5640-78069.patch
     create mode 100644 patches/php/php7033-77967.patch
     create mode 100644 patches/php/php7033-77988.patch
     create mode 100644 patches/php/php7033-78069.patch
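
A check to run between cmupdate and the menu option 5 recompile, confirming that all three backport patches for your EOL PHP version actually arrived. This is an added example, not Centmin Mod code or part of the original post; the file names follow the diffstat above, and the checkout path is an assumption you pass in as the first argument.

```shell
#!/usr/bin/env bash
# Added example, not Centmin Mod code. Patch file names follow the cmupdate
# diffstat in the post: patches/php/php<ver>-<bug>.patch
BACKPORT_BUGS="77967 77988 78069"

# Map an EOL PHP version to the prefix used in the patch file names.
patch_prefix() {
  case "$1" in
    5.6.40) echo "php5640" ;;
    7.0.33) echo "php7033" ;;
    *) return 1 ;;   # other versions are not covered by these backports
  esac
}

# Print every backport patch that is missing or empty for a PHP version.
# $1 = path to the Centmin Mod checkout (assumption: supplied by the caller)
# $2 = PHP version, e.g. 5.6.40
# Returns 0 when all three patches are present, 1 when any is missing,
# 2 when the version is not one of the two backported EOL releases.
missing_backports() {
  local repo="$1" prefix bug f missing=0
  prefix="$(patch_prefix "$2")" || return 2
  for bug in $BACKPORT_BUGS; do
    f="$repo/patches/php/${prefix}-${bug}.patch"
    if [ ! -s "$f" ]; then
      echo "$f"
      missing=1
    fi
  done
  return "$missing"
}

# Demo on a constructed directory tree (not a real checkout).
demo() {
  local tmp bug
  tmp="$(mktemp -d)"
  mkdir -p "$tmp/patches/php"
  for bug in $BACKPORT_BUGS; do
    echo "constructed" > "$tmp/patches/php/php5640-$bug.patch"
  done
  echo "constructed" > "$tmp/patches/php/php7033-77967.patch"
  missing_backports "$tmp" 5.6.40 && echo "5.6.40: all backports present"
  missing_backports "$tmp" 7.0.33 || echo "7.0.33: patches missing, rerun cmupdate"
  rm -rf "$tmp"
}
demo
```

An empty patch file is reported as missing too, since an interrupted update can leave a zero-byte file behind.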