[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye-security] 2 commits: debian/NEWS: Add file, inform about PHP being disabled in Apache2 user directories.
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Sat Feb 5 11:13:45 GMT 2022
Mike Gabriel pushed to branch bullseye-security at Debian Edu / debian-edu-config
Commits:
ed0dca83 by Mike Gabriel at 2022-02-04T13:15:02+01:00
debian/NEWS: Add file, inform about PHP being disabled in Apache2 user directories.
- - - - -
b049aa92 by Mike Gabriel at 2022-02-04T13:17:55+01:00
debian/NEWS: amend typo fixes
- - - - -
2 changed files:
- + debian/NEWS
- debian/changelog
Changes:
=====================================
debian/NEWS
=====================================
@@ -0,0 +1,15 @@
+debian-edu-config (2.11.56+deb11u3) bullseye-security; urgency=medium
+
+ CVE-2021-20001: For mitigating potential privilege escalations that
+ could be caused by malicious PHP scripts in Apache2-accessible user
+ directories (i.e. PHP files placed into ~/public_html) on the Debian
+ Edu mainserver, the PHP engine is now disabled for Apache2 user
+ directories (see /etc/apache2/mods-enabled/debian-edu-userdir.conf).
+
+ However, if PHP functionality is required for Apache2 user directories
+ for educational purposes, an alternative configuration approach is provided
+ in:
+
+ /usr/share/doc/debian-edu-config/README.public_html_with_PHP-CGI+suExec.md
+
+ -- Mike Gabriel <sunweaver at debian.org> Fri, 04 Feb 2022 12:14:05 +0100
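Review bot: The first paragraph of the new NEWS entry states that the PHP engine "is now disabled for Apache2 user directories" but does not say what an administrator will observe for PHP files that already exist under ~/public_html after the upgrade. It matters whether such files are then refused or delivered as plain text, since the second case would disclose any credentials embedded in users' scripts. Suggest adding one sentence that states the resulting behaviour, and making explicit in the second paragraph whether the approach in README.public_html_with_PHP-CGI+suExec.md has to be set up manually by the administrator.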
=====================================
debian/changelog
=====================================
@@ -8,6 +8,8 @@ debian-edu-config (2.11.56+deb11u3) UNRELEASED; urgency=medium
* README.public_html_with_PHP-CGI+suExec.md:
- Provide documentation on how to enable suExec support in https userdirs
(i.e. ~/public_html).
+ * debian/NEWS:
+ + Add file, inform about PHP being disabled in Apache2 user directories.
-- Mike Gabriel <sunweaver at debian.org> Wed, 19 Jan 2022 21:38:17 +0100
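Review bot: The added "* debian/NEWS:" changelog item does not name CVE-2021-20001, although the NEWS text it refers to leads with that id. If no other item in this stanza outside the visible context already carries the id, add it here so that the changelog can be matched to the advisory. The stanza is still marked UNRELEASED with a trailer date of 19 Jan 2022, while the NEWS entry is dated 04 Feb 2022 and targets bullseye-security, so the distribution and trailer will need refreshing before upload.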
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/f5988a0fcfab0284d46025603de68a3d2f23ab8e...b049aa92e1e0a86dcc99de1e511c4147e7d376ac