- Urgent security issue in NGINX/php-fpm - CVE-2019-11043
Just a follow up to the temp fix. You can keep access from a specific IP via the following.
sudo ufw insert 1 allow from <IP> to any port 443 sudo ufw insert 2 deny 443
Can remove these rules via:
sudo ufw status numbered sudo ufw delete 1 sudo ufw delete 2
root@box:~# ufw insert 2 deny 443
Skipping inserting existing rule
Skipping inserting existing rule (v6)
Not working as you showed.
It appears that you need to
sudo ufw status numbered
then delete the two rules for port 443 using
sudo ufw delete # once for each appearance …
then you can do
sudo ufw insert 2 deny 443
Mitigation info from NextCloud: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
@JoshData have you consider switching to the PPA. It’s at 7.2.24.
We stick with stock Ubuntu packages as much as possible to minimize the “attack surface,” the ways that an attacker could compromise a system.