View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions How can I guard against the PHP vulnerability CVE-2019-11043?
Log in to Ask a Question

How can I guard against the PHP vulnerability CVE-2019-11043?

php nginx php-fpm cve-2019-11043
Linode Staff

A new vulnerability in PHP 7, CVE-2019-11043, was announced recently. How can I make sure my Linode’s patched for it?

1 Reply

Linode Staff

The best way to make sure your Linode’s secure is to update the software on your Linode to the latest available version. For CentOS/RHEL you can do so with the following command:

yum update

For Debian or Ubuntu you can use:

apt-get update && apt-get upgrade

Currently, the PHP 7 versions 7.1.33, 7.2.24, and 7.3.11 include fixes for CVE-2019-11043. To check your PHP version, you can use:

php --version

In addition to updating PHP, you can make changes to the configuration of your site to protect against attempts to use this vulnerability. For example, you can set up ModSecurity to block attempts to visit URLs with %0a and %0d in them. There’s more info on the vulnerability and how to defend against it in this blog post by Wallarm, the company who found the vulnerability:

https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/

This is being written before The PHP Group has released an official statement on CVE-2019-11043, so I’d recommend keeping an eye out for any additional info once PHP has made it available.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct