FreePBX | Register | Issues | Wiki | Portal | Support

FreePBX 14 php 5.6.36 vulnerability

(Srcfreepbx) #1

I’m getting flags from my nessus vulnerability scanner for my FreePBX 14 about php 5.6.36, regarding CVE-2018-19935 and CVE-2018-19158. Recommended action is to upgrade to php >= 5.6.39, I’m wondering if this is something that should be done manually, or will the upgrade come through official channels.
Anyone else having the same issue?


(Jared Busch) #2

Run yum update You will upgrade to php5.6.40



(Srcfreepbx) #3

Lol, thanks for the news! That must have been released tonight, because update was not available to me this afternoon.

Now I wish I had more patience before engaging with my security office…

(Srcfreepbx) #4

Screenshot after checking for updates:

(Andrew Nagy) #5

Yes! I built it after reading this thread. Enjoy!

(Now I just have to get time to build asterisk…)

(Jared Busch) #6

Sneaky, sneaky

(Srcfreepbx) #7

Too bad I can only give you one like!

(system) closed #8

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.