FreePBX 14 php 5.6.36 vulnerability

I’m getting flags from my nessus vulnerability scanner for my FreePBX 14 about php 5.6.36, regarding CVE-2018-19935 and CVE-2018-19158. Recommended action is to upgrade to php >= 5.6.39, I’m wondering if this is something that should be done manually, or will the upgrade come through official channels.
Anyone else having the same issue?


Run yum update You will upgrade to php5.6.40



1 Like

Lol, thanks for the news! That must have been released tonight, because update was not available to me this afternoon.

Now I wish I had more patience before engaging with my security office…

Screenshot after checking for updates:

Yes! I built it after reading this thread. Enjoy!

(Now I just have to get time to build asterisk…)


Sneaky, sneaky

Too bad I can only give you one like!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.