VDB
GCVE-110-MAGEIA-2014-215
GCVE-110-MAGEIA-2014-215
Advisory Published
Updated php packages fix security vulnerability:
PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket
with world-writable permissions by default, which allows any local user to
connect to it and execute PHP scripts as the apache user (CVE-2014-0185).
Additionally updated php-suhosin package corrects an issue which could
cause a segfault in apache. Also updated is php-timezonedb.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php-apc | 0 (affected), 0 (affected), 3.1.14-7.8.mga3 (unaffected), 3.1.14-7.8.mga3 (unaffected) | — |
| Mageia | php-suhosin | 0 (affected), 0.9.35-1.mga3 (unaffected), 0.9.35-1.mga3 (unaffected), 0 (affected) | — |
| Mageia | php-timezonedb | 0 (affected), 2014.3-1.mga3 (unaffected), 0 (affected), 2014.3-1.mga3 (unaffected) | — |
| Mageia | pitivi | 0 (affected), 0.92-4.1.mga4 (unaffected) | — |
| Mageia | php-timezonedb | 0 (affected), 2014.3-1.mga4 (unaffected), 2014.3-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | php | 0 (affected), 5.5.12-1.mga4 (unaffected), 5.5.12-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | php-gd-bundled | 0 (affected), 5.4.28-1.mga3 (unaffected), 0 (affected), 5.4.28-1.mga3 (unaffected) | — |
| Mageia | php-suhosin | 0.9.35-1.mga4 (unaffected), 0 (affected), 0 (affected), 0.9.35-1.mga4 (unaffected) | — |
| Mageia | php | 0 (affected), 5.4.28-1.mga3 (unaffected), 0 (affected), 5.4.28-1.mga3 (unaffected) | — |
| Mageia | php-apc | 0 (affected), 3.1.15-4.3.mga4 (unaffected), 0 (affected), 3.1.15-4.3.mga4 (unaffected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.