Master Branch security fix for php-fpm for http proxy header CVE-2016-5385

security fix for php-fpm for http proxy header CVE-2016-5385

Outlined at https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/. To fix on existing Centmin Mod systems, update latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23 and then exit centmin.sh and re-run centmin.sh one more time. It should trigger the server wide detection and auto updating of all php-fpm config files for the value

Code (Text):

fastcgi_param  HTTP_PROXY         "";

on default centmin mod 123.09beta01 installs prior to this update, the re-run of centmin.sh will trigger output similar to below listing all auto detected php-fpm config files and the output check of HTTP_PROXY fastcgi_param

Code (Text):

updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool5.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool2.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool4.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/php-pool3.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/phpalt.conf
fastcgi_param  HTTP_PROXY         "";
updating php-fpm config files to block Proxy header / HTTP_PROXY
/usr/local/nginx/conf/phpssl.conf
fastcgi_param  HTTP_PROXY         "";

Continue reading...

Centmin Mod Github Master branch

Master branch is where most recent commits are made as at May 24, 2015.

• Branch: https://github.com/centminmod/centminmod
• Commit History: https://github.com/centminmod/centminmod/commits/master