Critical open hole in PHP creates risks

[mlx]

Everyone who's running PHP-CGI might wanna read this.

AFAIK this is really just about PHP in CGI mode. Not about FastCGI or FPM.

Oh and PHP 5.3.12 and PHP 5.4.2 are still broken. Don't waste your time on these ...

http://www.h-online.com/open/news/item/Critical-open-hole-in-PHP-creates-risks-Update-2-1567532.html

P.S. https://www.facebook.com/?-s

 

[erich37]

I just received an e-mail from my hosting-provider regarding some PHP security issues. My hosting provider is asking whether I am using PHP5 as CGI-Module ? Is this the case with XF-scripts ?

german language:
http://www.heise.de/newsticker/meldung/Gefahr-durch-offene-PHP-Luecke-1567433.html

in english:
http://www.h-online.com/open/news/item/Critical-open-hole-in-PHP-creates-risks-Update-2-1567532.html

 

[MattW]

Saw this on WHT yesterday. Glad I'm running in FCGI.

I just received an e-mail from my hosting-provider regarding some PHP security issues. My hosting provider is asking whether I am using PHP5 as CGI-Module ? Is this the case with XF-scripts ?

german language:
http://www.heise.de/newsticker/meldung/Gefahr-durch-offene-PHP-Luecke-1567433.html

in english:
http://www.h-online.com/open/news/item/Critical-open-hole-in-PHP-creates-risks-Update-2-1567532.html

Are you on your own server?

 

[Floris]

XenForo users can go to : admin.php?tools/phpinfo
And under "Server API" it will say something like: 'CGI/FastCGI'

 

[DSF]

XenForo users can go to : admin.php?tools/phpinfo
And under "Server API" it will say something like: 'CGI/FastCGI'

Server API Apache 2.0 Handler
No stress ...

 

[mlx]

Is this the case with XF-scripts ?

This has nothing to do with the scripts you are running or XenForo.

It's a matter of your general webserver/PHP config.

As Floris mentioned, you can look it up via XenForo/phpinfo though.

 

[Adam Howard]

Thankfully this does not seem to affect any of the sites I visit (including XenForo.com ..... Yes, I tried).