Richard G
Verified User
I've seen this today and it seems very dangerous to me since a lot of systems still use php-cgi. The dangerous code was made public today, so all php-cgi servers are now vulnerable to this code execution.
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Since php is installed via DA in custombuild, can custombuild provide a workaround for this? There is a workaround included on that page, I like the second way best.
The second way is a patch for PHP, which disables the parsing of arguments if
php-cgi is invoked as non-fastcgi cgi.
But this is in C, so it needs to be put in during compiling.