Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-24 Thread Alice Wonder
On 09/24/2016 07:40 AM, Lamar Owen wrote: On 09/23/2016 04:42 AM, James Hogarth wrote: Of course this is where Red Hat intends SCL to fill the gap of the "supported" new httpd24 and php56 on RHEL ... https://www.hogarthuk.com/?q=node/15 Unfortunately this is having a knock-on effect in the

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-24 Thread Lamar Owen
On 09/23/2016 04:42 AM, James Hogarth wrote: Of course this is where Red Hat intends SCL to fill the gap of the "supported" new httpd24 and php56 on RHEL ... https://www.hogarthuk.com/?q=node/15 Unfortunately this is having a knock-on effect in the EPEL world where, since Fedora has no SCL

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-23 Thread James Hogarth
On 21 September 2016 at 19:00, Alice Wonder wrote: > > > On 09/21/2016 05:43 AM, Прокси wrote: >> >> On 2016-Sep-21 14:35, Adrian Sevcenco wrote: >>> >>> On 09/21/2016 02:02 PM, Прокси wrote: Hello, My server with CentOS 6.8 just failed a PCI scan, so I'm

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-22 Thread Прокси
On 2016-Sep-21 11:00, Alice Wonder wrote: > I feel the same way but I find that it is generally safe and beneficial to > update the LAMP stack on servers and the multimedia stack on the desktop. > > Things like HTTP/2 are not available in the Apache that ships even with > CentOS 7 and the PHP is

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-21 Thread Alice Wonder
On 09/21/2016 05:43 AM, Прокси wrote: On 2016-Sep-21 14:35, Adrian Sevcenco wrote: On 09/21/2016 02:02 PM, Прокси wrote: Hello, My server with CentOS 6.8 just failed a PCI scan, so I'm looking into vulnerable packages. PHP 5.3.3 has multiple vulnerabilities, some of them are fixed/patched or

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-21 Thread Прокси
On 2016-Sep-21 14:45, Eero Volotinen wrote: > https://pci.qualys.com/static/help/merchant/questionnaires/compensating_controls_definition.htm > > Eero Well, I was hoping to get some ideas for compensating controls in this case. Anyhow, I just added mb_strcut() to disable_functions. I'll be able

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-21 Thread Прокси
On 2016-Sep-21 14:35, Adrian Sevcenco wrote: > On 09/21/2016 02:02 PM, Прокси wrote: > > Hello, > > > > My server with CentOS 6.8 just failed a PCI scan, so I'm looking into > > vulnerable packages. PHP 5.3.3 has multiple vulnerabilities, some of > > them are fixed/patched or have some kind of

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-21 Thread Eero Volotinen
https://pci.qualys.com/static/help/merchant/questionnaires/compensating_controls_definition.htm Eero 2016-09-21 14:02 GMT+03:00 Прокси : > Hello, > > My server with CentOS 6.8 just failed a PCI scan, so I'm looking into > vulnerable packages. PHP 5.3.3 has multiple

Re: [CentOS] PHP vulnerability CVE-2016-4073

2016-09-21 Thread Adrian Sevcenco
On 09/21/2016 02:02 PM, Прокси wrote: > Hello, > > My server with CentOS 6.8 just failed a PCI scan, so I'm looking into > vulnerable packages. PHP 5.3.3 has multiple vulnerabilities, some of > them are fixed/patched or have some kind of workaround. But I can't find > a way to fix this one. Red

[CentOS] PHP vulnerability CVE-2016-4073

2016-09-21 Thread Прокси
Hello, My server with CentOS 6.8 just failed a PCI scan, so I'm looking into vulnerable packages. PHP 5.3.3 has multiple vulnerabilities, some of them are fixed/patched or have some kind of workaround. But I can't find a way to fix this one. Red Hat state: under investigation.