Beta Branch security fix for php-fpm for http proxy header CVE-2016-5385

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jul 19, 2016.

    security fix for php-fpm for http proxy header CVE-2016-5385

    Outlined at Mitigating the HTTPoxy Vulnerability with NGINX. To fix on existing Centmin Mod systems, update to the latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23, then exit centmin.sh and re-run centmin.sh one more time. It should trigger the server-wide detection and auto-updating of all php-fpm config files for the value:

    Code (Text):
    fastcgi_param  HTTP_PROXY         "";
    


    On default Centmin Mod 123.09beta01 installs prior to this update, the re-run of centmin.sh will trigger output similar to the below, listing all auto-detected php-fpm config files and the output check of the HTTP_PROXY fastcgi_param:

    Code (Text):
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool5.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool2.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool4.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool3.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpalt.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpssl.conf
    fastcgi_param  HTTP_PROXY         "";
    



    123.09beta01 branch
     
    Last edited: Jul 20, 2016
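One way to verify the update described in the post, as an added example that is not part of the original post or Centmin Mod's own code: a POSIX shell audit that lists FastCGI config files lacking an active `fastcgi_param HTTP_PROXY "";` line. The function names and the sample files built by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nginx FastCGI config files for the HTTPoxy mitigation.
# Function names and sample files are constructed for illustration.

# Active (uncommented) directive that sets HTTP_PROXY to an empty string.
FIX_RE="^[[:space:]]*fastcgi_param[[:space:]]+HTTP_PROXY[[:space:]]+(\"\"|'')[[:space:]]*;"

# Succeeds when FILE carries the fix on an uncommented line.
has_httpoxy_fix() {
  grep -Eq "$FIX_RE" "$1"
}

# Succeeds when FILE hands requests to FastCGI or sets FastCGI params.
is_fastcgi_conf() {
  grep -Eq '^[[:space:]]*fastcgi_(pass|param)[[:space:]]' "$1"
}

# Print each FastCGI *.conf under DIR that lacks the fix; return 1 if any do.
# Assumes file names contain no newlines.
audit_httpoxy() {
  missing=$(find "$1" -type f -name '*.conf' | sort | while IFS= read -r f; do
    is_fastcgi_conf "$f" || continue
    has_httpoxy_fix "$f" || printf '%s\n' "$f"
  done)
  if [ -n "$missing" ]; then
    printf '%s\n' "$missing"
    return 1
  fi
  return 0
}

# Build a constructed sample tree (not real Centmin Mod files); print its path.
make_sample() {
  d=$(mktemp -d)
  printf 'fastcgi_pass 127.0.0.1:9000;\nfastcgi_param  HTTP_PROXY         "";\n' > "$d/fixed.conf"
  printf 'fastcgi_pass 127.0.0.1:9000;\n#fastcgi_param  HTTP_PROXY         "";\n' > "$d/commented.conf"
  printf 'fastcgi_pass 127.0.0.1:9000;\nfastcgi_param HTTP_PROXY $http_proxy;\n' > "$d/passthrough.conf"
  printf 'gzip on;\n' > "$d/unrelated.conf"
  printf '%s\n' "$d"
}
```

Run it as `audit_httpoxy /usr/local/nginx/conf` after the second centmin.sh run. A per-file match does not prove the file is included by the location that handles PHP; `nginx -T` shows the effective configuration.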