https://bugs.php.net/bug.php?id=69364
Would you like to fix PHP Multipart/form-data remote dos Vulnerability ,so we can upgrade php by yum.
PHP has release the new version and patch for it.
thank you.
can you fix PHP Multipart/form-data remote dos Vulnerability
Re: can you fix PHP Multipart/form-data remote dos Vulnerabi
This is known as CVE-2015-4024. There will be a fix when Red Hat releases a fixed version. You can follow the progress at https://bugzilla.redhat.com/show_bug.cg ... -2015-4024.
Re: can you fix PHP Multipart/form-data remote dos Vulnerabi
It seems that it will take a long time to wait for the rpm from redhat
Can you upgrade the rpm by yourselfe ?
Can you upgrade the rpm by yourselfe ?
Re: can you fix PHP Multipart/form-data remote dos Vulnerabi
My impression is that RH is not going to release new PHP packages that fix only this DoS bug. Instead, they will be fixing a number of recently discovered PHP vulnerabilities with the same update.
CVE-2015-4024 was allocated about a week ago. Yes, it will take some time to backport the fixes to the PHP version that RH uses, and also to test that the changes don't break anything.
Commenting on the bug and asking when the fix is going to be released is not going to help. I believe you will only get a response saying "if you have a support contract with Red Hat, please contact your support representative" or something along those lines.
No, the CentOS Project will not be diverging from the PHP that RH supplies. Your best bet at the moment is to take a deep breath, relax and wait.
CVE-2015-4024 was allocated about a week ago. Yes, it will take some time to backport the fixes to the PHP version that RH uses, and also to test that the changes don't break anything.
Commenting on the bug and asking when the fix is going to be released is not going to help. I believe you will only get a response saying "if you have a support contract with Red Hat, please contact your support representative" or something along those lines.
No, the CentOS Project will not be diverging from the PHP that RH supplies. Your best bet at the moment is to take a deep breath, relax and wait.
Re: can you fix PHP Multipart/form-data remote dos Vulnerabi
Ok,I will wait for it.
Thanks for your reply.
Thanks for your reply.