
Stable Branch security fix for php-fpm for http proxy header CVE-2016-5385

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jul 19, 2016.

  1. eva2000

    security fix for php-fpm for http proxy header CVE-2016-5385

    Outlined at Mitigating the HTTPoxy Vulnerability with NGINX.

    To fix on existing Centmin Mod systems, update to the latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23, then exit centmin.sh and re-run centmin.sh one more time. It should trigger the server-wide detection and auto-updating of all php-fpm config files for the value

    Code (Text):
    fastcgi_param  HTTP_PROXY         "";
    


    On default Centmin Mod 123.09beta01 installs prior to this update, the re-run of centmin.sh will trigger output similar to the below, listing all auto-detected php-fpm config files and the output check of the HTTP_PROXY fastcgi_param


    Code (Text):
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool5.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool2.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool4.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool3.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpalt.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpssl.conf
    fastcgi_param  HTTP_PROXY         "";
    



    Centmin Mod Github Current Stable branch

     
    Last edited: Jul 19, 2016
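
A read-only check of the result described in the post, as an added example that is not part of the original post or Centmin Mod's own code: it lists the include files in a directory that carry FastCGI directives but no active `fastcgi_param HTTP_PROXY "";` line. The function names, the regex and the sample file contents are assumptions; on a real system the directory to check would be `/usr/local/nginx/conf`.

```shell
#!/bin/sh
# Added example (not Centmin Mod code): list nginx PHP include files that pass
# requests to FastCGI but lack an active  fastcgi_param HTTP_PROXY "";  line.

# Matches the mitigation only when it is not commented out.
HTTPOXY_RE="^[[:space:]]*fastcgi_param[[:space:]]+HTTP_PROXY[[:space:]]+(\"\"|'')[[:space:]]*;"

httpoxy_missing() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Skip files that contain no FastCGI directives at all.
        grep -Eq '^[[:space:]]*fastcgi_(pass|param)[[:space:]]' "$f" || continue
        grep -Eq "$HTTPOXY_RE" "$f" || printf '%s\n' "$f"
    done
    return 0
}

# Constructed sample files; the names mirror the forum output, the contents are
# assumptions made for the demo.
write_samples() {
    cat > "$1/php.conf" <<'EOF'
location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_param  HTTP_PROXY         "";
}
EOF
    cat > "$1/php-pool2.conf" <<'EOF'
location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9002;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;
}
EOF
    cat > "$1/phpalt.conf" <<'EOF'
location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9001;
    #fastcgi_param  HTTP_PROXY         "";
}
EOF
    printf 'location /static/ { expires 30d; }\n' > "$1/staticfiles.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
httpoxy_missing "$tmp"    # lists php-pool2.conf and phpalt.conf
rm -rf "$tmp"
```

An empty listing means every FastCGI include file in the directory has the line; a commented-out copy, as in the constructed `phpalt.conf`, is reported as missing.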