
Master Branch security fix for php-fpm for http proxy header CVE-2016-5385

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jul 19, 2016.

  1. eva2000

    security fix for php-fpm for http proxy header CVE-2016-5385

    Outlined at https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/. To fix on existing Centmin Mod systems, update to the latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23, then exit centmin.sh and re-run centmin.sh one more time. It should trigger the server-wide detection and auto-updating of all php-fpm config files for the value

    Code (Text):
    fastcgi_param  HTTP_PROXY         "";
    


    On default Centmin Mod 123.09beta01 installs prior to this update, the re-run of centmin.sh will trigger output similar to that below, listing all auto-detected php-fpm config files and the output check of the HTTP_PROXY fastcgi_param.

    Code (Text):
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool5.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool2.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool4.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/php-pool3.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpalt.conf
    fastcgi_param  HTTP_PROXY         "";
    updating php-fpm config files to block Proxy header / HTTP_PROXY
    /usr/local/nginx/conf/phpssl.conf
    fastcgi_param  HTTP_PROXY         "";
    


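One way to confirm afterwards that every php-fpm include carries the directive, as an added example that is not part of the original post or Centmin Mod's own code. It assumes any `*.conf` file with an active `fastcgi_pass` directive is a php-fpm include; the function name `audit_httpoxy` is hypothetical.

```shell
#!/bin/sh
# Added example: audit nginx include files for the httpoxy mitigation line
#   fastcgi_param  HTTP_PROXY  "";
# Assumption: a *.conf file with an active (uncommented) fastcgi_pass
# directive is a php-fpm include that must carry the directive.

# Prints "OK <file>" or "MISSING <file>" for each php-fpm include in $1.
# Returns 0 if all includes are covered, 1 if any is missing the line,
# 2 if $1 is not a directory.
audit_httpoxy() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    missing=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Ignore files that never hand requests to a FastCGI backend.
        grep -Eq '^[[:space:]]*fastcgi_pass[[:space:]]' "$f" || continue
        # A commented-out line does not count: the pattern is anchored to
        # the start of the line and allows only leading whitespace.
        if grep -Eq '^[[:space:]]*fastcgi_param[[:space:]]+HTTP_PROXY[[:space:]]+""[[:space:]]*;' "$f"; then
            echo "OK $f"
        else
            echo "MISSING $f"
            missing=1
        fi
    done
    return "$missing"
}

# Stand-alone use: sh audit.sh /usr/local/nginx/conf
# Without an argument the file only defines the function.
if [ -n "${1:-}" ]; then
    audit_httpoxy "$1"
fi
```

A non-zero exit status makes the check usable from cron or a deployment script to flag includes added after the one-time update.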

    Centmin Mod Github Master branch

    Master branch is where most recent commits are made as at May 24, 2015.