[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye-security] 2 commits: debian/NEWS: Add file, inform about PHP being disabled in Apache2 user directories.

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Sat Feb 5 11:13:45 GMT 2022 


Mike Gabriel pushed to branch bullseye-security at Debian Edu / debian-edu-config


Commits:
ed0dca83 by Mike Gabriel at 2022-02-04T13:15:02+01:00
debian/NEWS: Add file, inform about PHP being disabled in Apache2 user directories.

- - - - -
b049aa92 by Mike Gabriel at 2022-02-04T13:17:55+01:00
debian/NEWS: amend typo fixes

- - - - -


2 changed files:

- + debian/NEWS
- debian/changelog


Changes:

=====================================
debian/NEWS
=====================================
@@ -0,0 +1,15 @@
+debian-edu-config (2.11.56+deb11u3) bullseye-security; urgency=medium
+
+    CVE-2021-20001: For mitigating potential privilege escalations that
+    could be caused by malicious PHP scripts in Apache2-accessible user
+    directories (i.e. PHP files placed into ~/public_html) on the Debian
+    Edu mainserver, the PHP engine is now disabled for Apache2 user
+    directories (see /etc/apache2/mods-enabled/debian-edu-userdir.conf).
+
+    However, if PHP functionality is required for Apache2 user directories
+    for educational purposes, an alternative configuration approach is provided
+    in:
+
+    /usr/share/doc/debian-edu-config/README.public_html_with_PHP-CGI+suExec.md
+
+ -- Mike Gabriel <sunweaver at debian.org>  Fri, 04 Feb 2022 12:14:05 +0100


=====================================
debian/changelog
=====================================
@@ -8,6 +8,8 @@ debian-edu-config (2.11.56+deb11u3) UNRELEASED; urgency=medium
   * README.public_html_with_PHP-CGI+suExec.md:
     - Provide documentation on how to enable suExec support in https userdirs
       (i.e. ~/public_html).
+  * debian/NEWS:
+    + Add file, inform about PHP being disabled in Apache2 user directories.
 
  -- Mike Gabriel <sunweaver at debian.org>  Wed, 19 Jan 2022 21:38:17 +0100
 



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/f5988a0fcfab0284d46025603de68a3d2f23ab8e...b049aa92e1e0a86dcc99de1e511c4147e7d376ac

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/f5988a0fcfab0284d46025603de68a3d2f23ab8e...b049aa92e1e0a86dcc99de1e511c4147e7d376ac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20220205/9fda0be0/attachment.htm>

More information about the debian-edu-commits mailing list