Issue Urgent security issue in NGINX/php-fpm

LaurentR2D2 · Oct 25, 2019

Hello,
I've seen this on the Nextcloud blog. Is there a Nginx and PHP upgrade planned concerning this issue ?

Urgent security issue in NGINX/php-fpm – Nextcloud

Thank you

seqoi · Oct 26, 2019

LaurentR2D2 said:
Hello,
I've seen this on the Nextcloud blog. Is there a Nginx and PHP upgrade planned concerning this issue ?

Urgent security issue in NGINX/php-fpm – Nextcloud

Thank you

Thanks. Good article. But it's not "hack scare" - imho. Have you read CVE article ( PHP-FPM/Nginx Vulnerability - CVE-2019-11043 | Liquid Web) - certain preconditions has to be met for this to work. Plesk updates Third party components quite fast. In this case they need to update:

PHP 7.3 from version 7.3.10. to 7.3.11 and
PHP 7.2 from version 7.2.23. to 7.2.24 and this problems should be resolved as far as preconditions are met.

I am pretty we can count on them updating PHP version sometimes next week.

Sage Pointer · Oct 26, 2019

seqoi said:
certain preconditions has to be met for this to work.

Which are met by default when PHP is selected as "FPM served by nginx".

LaurentR2D2 · Oct 26, 2019

Sage Pointer said:
Which are met by default when PHP is selected as "FPM served by nginx".

So as I have FPM served by Apache for my websites, I should be fine ?

Sage Pointer · Oct 26, 2019

LaurentR2D2 said:
So as I have FPM served by Apache for my websites, I should be fine ?

Apache + PHP-FPM doesn't look vulnerable, at least with the default configs provided by Plesk.

Issue Urgent security issue in NGINX/php-fpm

LaurentR2D2

Plesk Certified Professional

seqoi

Regular Pleskian

Sage Pointer

New Pleskian

LaurentR2D2

Plesk Certified Professional

Sage Pointer

New Pleskian

Similar threads