Advisories ยป MGASA-2014-0215

Updated php packages fix CVE-2014-0185

Publication date: 14 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0185

Description

Updated php packages fix security vulnerability:

PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket
with world-writable permissions by default, which allows any local user to
connect to it and execute PHP scripts as the apache user (CVE-2014-0185).

Additionally updated php-suhosin package corrects an issue which could 
cause a segfault in apache. Also updated is php-timezonedb.
                

References

SRPMS

3/core

4/core