dwchiang / nginx-php-fpm

Running Cloud Native Laravel/PHP app with nginx + php-fpm 8.2/8.1/8.0/7.4/7.3 across amd64, arm64 arch.
https://hub.docker.com/r/dwchiang/nginx-php-fpm
Apache License 2.0

Security update #7

Closed lutifyme closed 2 years ago

lutifyme commented 2 years ago

Hello,

PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12 are vulnerable to a privilege escalation vulnerability. The vulnerability allows the root FPM process to read/write at arbitrary locations using pointers located in the SHM (shared memory), leading to a privilege escalation from www-data to root. The vulnerability applies only to PHP-FPM.

See here: https://bugs.php.net/bug.php?id=81026

It would be nice if the updated and patched versions could be included.
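A way to check image inventories against the ranges reported above, as an added example that is not part of the original comment or of this repository's code. It assumes the usual `php-fpm -v` banner layout (`PHP X.Y.Z (sapi) ...`); the function names and the sample banners are constructed for illustration, and branches the report does not mention are flagged rather than guessed.

```python
import re

# First fixed patch release per branch, taken from the ranges in the report:
# 7.3.x <= 7.3.31, 7.4.x < 7.4.25 and 8.0.x < 8.0.12 are affected.
FIRST_FIXED = {(7, 3): 32, (7, 4): 25, (8, 0): 12}

# Assumed banner layout: "PHP 7.4.24 (fpm-fcgi) (built: ...)"
BANNER_RE = re.compile(r"PHP (\d+)\.(\d+)\.(\d+)(\S*) \(([\w-]+)\)")


def classify(banner):
    """Classify one `php-fpm -v` / `php -v` banner against the reported ranges."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    suffix, sapi = m.group(4), m.group(5)
    # The report states that only PHP-FPM is affected.
    if not sapi.startswith("fpm"):
        return "not-fpm"
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        # Branch not named in the report: do not infer a status.
        return "branch-not-listed"
    if patch < fixed:
        return "affected"
    if patch == fixed and suffix:
        # Pre-release or vendor build of the first fixed version: check by hand.
        return "review"
    return "patched"


def scan(inventory):
    """Map image name -> status for a dict of image name -> banner text."""
    return {image: classify(banner) for image, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (image tags and banners are illustrative).
    sample = {
        "app:7.3-old": "PHP 7.3.31 (fpm-fcgi) (built: Oct  1 2021 00:00:00)",
        "app:7.4-new": "PHP 7.4.25 (fpm-fcgi) (built: Oct 22 2021 00:00:00)",
        "worker:cli": "PHP 8.0.11 (cli) (built: Oct  1 2021 00:00:00) ( NTS )",
    }
    for image, status in scan(sample).items():
        print(f"{image}: {status}")
```
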

dwchiang commented 2 years ago

Thank you for the heads-up.

dwchiang commented 2 years ago

Uploading images of FPM 7.3.32, 7.4.25, 8.0.12 to both Docker Hub and AWS ECR Public.

I will update Dockerfiles in this repo later today.

lutifyme commented 2 years ago

Thanks for your prompt response.