1

Topic: Urgent security issue in NGINX/php-fpm?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
====

I've got a question. Some days ago the Nextcloud-devs reported a security issue in PHP/Nginx:

https://help.nextcloud.com/t/urgent-sec … -fpm/62665

Is IRedmail also affected by this? And what can you do about it?

Thanks in advance!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Urgent security issue in NGINX/php-fpm?

Every php-fpm setup is affected. You need to upgrade to the most recent supported PHP 7.x version ASAP.

3

Re: Urgent security issue in NGINX/php-fpm?

I posted a thread about this PHP issue days ago:
https://forum.iredmail.org/topic16157-a … hpfpm.html