Stable Branch security fix for php-fpm for http proxy header CVE-2016-5385

security fix for php-fpm for http proxy header CVE-2016-5385

Outlined at Mitigating the HTTPoxy Vulnerability with NGINX To fix on existing Centmin Mod systems, update latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23 and then exit centmin.sh and re-run centmin.sh one more time. It should trigger the server wide detection and auto updating of all php-fpm config files for the value

Code (Text):

fastcgi_param  HTTP_PROXY         "";

on default centmin mod 123.09beta01 installs prior to this update, the re-run of centmin.sh will trigger output similar to below listing all auto detected php-fpm config files and the output check of HTTP_PROXY fastcgi_param

Code (Text):

updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool5.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool2.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool4.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool3.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/phpalt.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/phpssl.conf
fastcgi_param  HTTP_PROXY         "";

Continue reading...

Centmin Mod Github Current Stable branch

• Branch: GitHub - centminmod/centminmod at 123.08stable
• Commit History: Commits · centminmod/centminmod · GitHub