can you fix PHP Multipart/form-data remote dos Vulnerability

Support for security such as Firewalls and securing linux
perlish
Posts: 3
Joined: 2015/05/19 23:15:26

can you fix PHP Multipart/form-data remote dos Vulnerability

Post by perlish » 2015/05/19 23:26:55

https://bugs.php.net/bug.php?id=69364
Would you like to fix the PHP Multipart/form-data remote DoS vulnerability, so we can upgrade php by yum?
PHP has released the new version and a patch for it.

Thank you.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: can you fix PHP Multipart/form-data remote dos Vulnerabi

Post by avij » 2015/05/20 06:51:26

This is known as CVE-2015-4024. There will be a fix when Red Hat releases a fixed version. You can follow the progress at https://bugzilla.redhat.com/show_bug.cg ... -2015-4024.


Re: can you fix PHP Multipart/form-data remote dos Vulnerabi

Post by perlish » 2015/05/25 23:40:36

It seems that it will take a long time to wait for the rpm from Red Hat :(
Can you upgrade the rpm by yourself?


Re: can you fix PHP Multipart/form-data remote dos Vulnerabi

Post by avij » 2015/05/26 00:22:30

My impression is that RH is not going to release new PHP packages that fix only this DoS bug. Instead, they will be fixing a number of recently discovered PHP vulnerabilities with the same update.

CVE-2015-4024 was allocated about a week ago. Yes, it will take some time to backport the fixes to the PHP version that RH uses, and also to test that the changes don't break anything.

Commenting on the bug and asking when the fix is going to be released is not going to help. I believe you will only get a response saying "if you have a support contract with Red Hat, please contact your support representative" or something along those lines.

No, the CentOS Project will not be diverging from the PHP that RH supplies. Your best bet at the moment is to take a deep breath, relax and wait.


Re: can you fix PHP Multipart/form-data remote dos Vulnerabi

Post by perlish » 2015/05/26 00:25:25

Ok, I will wait for it.
Thanks for your reply.
