
Beta Branch security fix for php-fpm for http proxy header CVE-2016-5385

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jul 19, 2016.

  1. eva2000

    security fix for php-fpm for http proxy header CVE-2016-5385

    Outlined at Mitigating the HTTPoxy Vulnerability with NGINX. To fix on existing Centmin Mod systems, update to the latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23, then exit centmin.sh and re-run centmin.sh one more time. It should trigger the server-wide detection and auto-updating of all php-fpm config files for the value

    Code (Text):
    fastcgi_param  HTTP_PROXY         "";
    


    On default Centmin Mod 123.09beta01 installs prior to this update, the re-run of centmin.sh will trigger output similar to the below, listing all auto-detected php-fpm config files and the output check of the HTTP_PROXY fastcgi_param


    Code (Text):
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool5.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool2.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool4.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool3.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpalt.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpssl.conf
    fastcgi_param  HTTP_PROXY         "";
    



    123.09beta01 branch
     
    Last edited: Jul 20, 2016
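To confirm independently that every PHP include carries the override shown in the post, the check below is an added example, not Centmin Mod's own detection code. The helper name `audit_httpoxy` is hypothetical, and it assumes that a file matters when it has an active `fastcgi_pass` line and that each directive starts on its own line.

```shell
#!/bin/sh
# Added example, not Centmin Mod code. audit_httpoxy is a hypothetical helper.

# Active (uncommented) directive that blanks the variable: fastcgi_param HTTP_PROXY "";
HTTPOXY_RE="^[[:space:]]*fastcgi_param[[:space:]]+HTTP_PROXY[[:space:]]+(\"\"|'')[[:space:]]*;"

# audit_httpoxy DIR
# Prints every DIR/*.conf that has an active fastcgi_pass directive but no
# active line blanking HTTP_PROXY. Returns 1 if any such file exists, else 0.
audit_httpoxy() {
    dir=$1
    missing=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Assumption: only configs that hand requests to a FastCGI backend matter.
        grep -Eq '^[[:space:]]*fastcgi_pass[[:space:]]' "$f" || continue
        if ! grep -Eq "$HTTPOXY_RE" "$f"; then
            printf '%s\n' "$f"
            missing=1
        fi
    done
    return "$missing"
}

# Demo on constructed sample files (not real Centmin Mod configs).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'fastcgi_pass 127.0.0.1:9000;\nfastcgi_param  HTTP_PROXY         "";\n' > "$tmp/php.conf"
    # A commented-out override does not count as a mitigation.
    printf 'fastcgi_pass 127.0.0.1:9001;\n#fastcgi_param  HTTP_PROXY         "";\n' > "$tmp/php-pool2.conf"
    printf 'gzip on;\n' > "$tmp/gzip.conf"
    if audit_httpoxy "$tmp"; then
        echo "all FastCGI configs covered"
    else
        echo "^ missing HTTP_PROXY override"
    fi
    rm -rf "$tmp"
}
demo
```

On a live server, call `audit_httpoxy /usr/local/nginx/conf` (the directory shown in the output above); a non-zero exit status means at least one listed file still lacks the override.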