FreePBX | Register | Issues | Wiki | Portal | Support

FreePBX 14 php 5.6.36 vulnerability


(Srcfreepbx) #1

Hi,
I’m getting flags from my nessus vulnerability scanner for my FreePBX 14 about php 5.6.36, regarding CVE-2018-19935 and CVE-2018-19158. Recommended action is to upgrade to php >= 5.6.39, I’m wondering if this is something that should be done manually, or will the upgrade come through official channels.
Anyone else having the same issue?

Thanks


(Jared Busch) #2

Run yum update You will upgrade to php5.6.40

or

image


(Srcfreepbx) #3

Lol, thanks for the news! That must have been released tonight, because update was not available to me this afternoon.

Now I wish I had more patience before engaging with my security office…


(Srcfreepbx) #4

Screenshot after checking for updates:


(Andrew Nagy) #5

Yes! I built it after reading this thread. Enjoy!

(Now I just have to get time to build asterisk…)


(Jared Busch) #6

Sneaky, sneaky


(Srcfreepbx) #7

Too bad I can only give you one like!


(system) closed #8

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.