How can I guard against the PHP vulnerability CVE-2019-11043?

A new vulnerability in PHP 7, CVE-2019-11043, was announced recently. How can I make sure my Linode’s patched for it?

1 Reply

The best way to make sure your Linode’s secure is to update the software on your Linode to the latest available version. For CentOS/RHEL you can do so with the following command:

yum update

For Debian or Ubuntu you can use:

apt-get update && apt-get upgrade

Currently, the PHP 7 versions 7.1.33, 7.2.24, and 7.3.11 include fixes for CVE-2019-11043. To check your PHP version, you can use:

php --version

In addition to updating PHP, you can make changes to the configuration of your site to protect against attempts to use this vulnerability. For example, you can set up ModSecurity to block attempts to visit URLs with %0a and %0d in them. There’s more info on the vulnerability and how to defend against it in this blog post by Wallarm, the company who found the vulnerability:

https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/

This is being written before The PHP Group has released an official statement on CVE-2019-11043, so I’d recommend keeping an eye out for any additional info once PHP has made it available.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct