How can I guard against the PHP vulnerability CVE-2019-11043?
A new vulnerability in PHP 7, CVE-2019-11043, was announced recently. How can I make sure my Linode’s patched for it?
1 Reply
The best way to make sure your Linode’s secure is to update the software on your Linode to the latest available version. For CentOS/RHEL you can do so with the following command:
yum update
For Debian or Ubuntu you can use:
apt-get update && apt-get upgrade
Currently, the PHP 7 versions 7.1.33, 7.2.24, and 7.3.11 include fixes for CVE-2019-11043. To check your PHP version, you can use:
php --version
In addition to updating PHP, you can make changes to the configuration of your site to protect against attempts to use this vulnerability. For example, you can set up ModSecurity to block attempts to visit URLs with %0a
and %0d
in them. There’s more info on the vulnerability and how to defend against it in this blog post by Wallarm, the company who found the vulnerability:
https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
This is being written before The PHP Group has released an official statement on CVE-2019-11043, so I’d recommend keeping an eye out for any additional info once PHP has made it available.