[php-maint] Bug#687418: Updating php5 to 5.4.4-5 broke FastCGI setup on my machine

Konstantin Khomoutov flatworm at users.sourceforge.net
Mon Sep 17 18:11:40 UTC 2012

On Mon, 17 Sep 2012 18:53:50 +0200
Christoph Anton Mitterer <calestyo at scientia.net> wrote:


Sorry for skipping the rest -- will come back to it later.

> btw:
> This:
> FCGIWrapper  /usr/bin/php-cgi .php
> may (I haven't checked) be vulnerable to the foo.php.jpeg issue.

Yes, seems vulnerable: I've created a foo.php.jpeg file containing
and tried to request it in the browser -- I got 500 and

[Mon Sep 17 22:00:40 2012] [warn] [client] (104)
Connection reset by peer: mod_fcgid: error reading data from FastCGI
[Mon Sep 17 22:00:40 2012] [error] [client]
Premature end of script headers: test.php.jpeg

in the logs.

With the

<FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler fcgid-script
    FcgidWrapper /usr/bin/php-cgi
</FilesMatch>

snippet, all works sensibly: test.php.jpeg is sent as-is and no
attempt is made to interpret it.
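
An added example, not part of the original message: a Python check that lists file names carrying a PHP extension in a non-final position, i.e. names the end-anchored FilesMatch regex above leaves alone but per-extension matching would hand to PHP. The per-extension model in `any_extension_is_php`, the helper names and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import sys

# Regex copied verbatim from the FilesMatch directive in the message above.
FILESMATCH_RE = re.compile(r".+\.ph(p[345]?|t|tml)$")
# The same extension set (php, php3, php4, php5, pht, phtml) as a bare token.
PHP_EXT_RE = re.compile(r"ph(p[345]?|t|tml)")


def final_extension_is_php(name):
    """True when the FilesMatch regex would route the file to fcgid-script."""
    return FILESMATCH_RE.search(name) is not None


def any_extension_is_php(name):
    """Assumed model of per-extension matching: every dot-separated
    component after the base name counts, not only the last one."""
    return any(PHP_EXT_RE.fullmatch(p) for p in name.split(".")[1:])


def audit(names):
    """Names that only the per-extension model would treat as PHP."""
    return [n for n in names
            if any_extension_is_php(n) and not final_extension_is_php(n)]


def audit_tree(root):
    """Walk a directory (e.g. an upload area) and return offending paths."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in audit(files)]
    return sorted(hits)


# Constructed sample names, used when no directory is given.
SAMPLE = ["index.php", "test.php.jpeg", "foo.php.jpeg", "photo.jpeg",
          "page.phtml", "notes.php5.txt", "archive.tar.gz"]

if __name__ == "__main__":
    found = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else audit(SAMPLE)
    for path in found:
        print("PHP extension in non-final position:", path)
```

Run it with a document root or upload directory as the only argument; any path it prints is worth checking against the handler configuration in use.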
