?? ????
On 09/30/2013 05:02 PM, Erwin Rennert wrote:
Please don't jump to conclusions.
It might very well be that centos patched the "old" PHP version a long
time ago. I doubt the owncloud installation routine actually checks
for the vulnerability.
Nevertheless it does
https://github.com/owncloud/core/blob/stable5/core/setup.php#L22
Victor
It probably only checks for the PHP version number and certainly has
no knowledge of any given distribution's patch history.
BTW, CVE-2006-7243 is from 2006, not 2010.
Kind regards,
E.R.
On 09/30/2013 03:25 PM, Adrian Sevcenco wrote:
Hi! i just installed the owncloud on an updated centos 6.4 and i have
this warning:
"Your PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
Please update your PHP installation to use ownCloud securely."
given that the bug is from 2010 and i have an updated system, is the
warning valid?
Thanks!
Adrian
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
!DSPAM:52497c0f128225655088695!
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
