Want to subscribe to topics you're interested in?
Become a Member

PHP-FPM Security Update HTTPoxy Vulnerability CVE-2016-5385

Discussion in 'Centmin Mod News' started by eva2000, Jul 19, 2016.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    6:40 PM
    Nginx 1.13.x
    MariaDB 5.5

    PHP-FPM Configuration Security Update HTTPoxy Vulnerability CVE-2016-5385



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds for HTTPoxy Security Vulnerability CVE-2016-5385 outlined at Mitigating the HTTPoxy Vulnerability with NGINX To fix on existing Centmin Mod systems, update latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23 and then exit centmin.sh and re-run centmin.sh one more time. Full detail and example of update at Beta Branch - security fix for php-fpm for http proxy header CVE-2016-5385 | Centmin Mod Community

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Actual commits
     
    Last edited: Jul 24, 2016
    • Like Like x 3
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    6:40 PM
    Nginx 1.13.x
    MariaDB 5.5
  3. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    6:40 PM
    Nginx 1.13.x
    MariaDB 5.5
    If you don't use centmin.sh menu option 23 submenu option 2 to update your centmin mod code, you can just use git command line if you already have Centmin Mod git environment setup via centmin.sh menu option 23 submenu option 1. Using these commands in SSH session are equivalent to using centmin.sh menu option 23 submenu option 2
    Code (Text):
    cd /usr/local/src/centminmod
    git stash
    git pull
    ./centmin.sh
    
     
Thread Status:
Not open for further replies.