Issue Urgent security issue in NGINX/php-fpm

[LaurentR2D2]

Hello,
I've seen this on the Nextcloud blog. Is there a Nginx and PHP upgrade planned concerning this issue ?

Urgent security issue in NGINX/php-fpm – Nextcloud

Thank you

 

[seqoi]

Hello,
I've seen this on the Nextcloud blog. Is there a Nginx and PHP upgrade planned concerning this issue ?

Urgent security issue in NGINX/php-fpm – Nextcloud

Thank you

Thanks. Good article. But it's not "hack scare" - imho. Have you read CVE article ( PHP-FPM/Nginx Vulnerability - CVE-2019-11043 | Liquid Web) - certain preconditions has to be met for this to work. Plesk updates Third party components quite fast. In this case they need to update:

PHP 7.3 from version 7.3.10. to 7.3.11 and
PHP 7.2 from version 7.2.23. to 7.2.24 and this problems should be resolved as far as preconditions are met.

I am pretty we can count on them updating PHP version sometimes next week.

 

[Sage Pointer]

certain preconditions has to be met for this to work.

Which are met by default when PHP is selected as "FPM served by nginx".

 

[LaurentR2D2]

Which are met by default when PHP is selected as "FPM served by nginx".

So as I have FPM served by Apache for my websites, I should be fine ?

 

[Sage Pointer]

So as I have FPM served by Apache for my websites, I should be fine ?

Apache + PHP-FPM doesn't look vulnerable, at least with the default configs provided by Plesk.