VDB

GCVE-110-MAGEIA-2014-215

GCVE-110-MAGEIA-2014-215
Advisory Published
Vulnetix · Advisory published May 14, 2014
Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). Additionally updated php-suhosin package corrects an issue which could cause a segfault in apache. Also updated is php-timezonedb.

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-apc0 (affected), 0 (affected), 3.1.14-7.8.mga3 (unaffected), 3.1.14-7.8.mga3 (unaffected)
Mageiaphp-suhosin0 (affected), 0.9.35-1.mga3 (unaffected), 0.9.35-1.mga3 (unaffected), 0 (affected)
Mageiaphp-timezonedb0 (affected), 2014.3-1.mga3 (unaffected), 0 (affected), 2014.3-1.mga3 (unaffected)
Mageiapitivi0 (affected), 0.92-4.1.mga4 (unaffected)
Mageiaphp-timezonedb0 (affected), 2014.3-1.mga4 (unaffected), 2014.3-1.mga4 (unaffected), 0 (affected)
Mageiaphp0 (affected), 5.5.12-1.mga4 (unaffected), 5.5.12-1.mga4 (unaffected), 0 (affected)
Mageiaphp-gd-bundled0 (affected), 5.4.28-1.mga3 (unaffected), 0 (affected), 5.4.28-1.mga3 (unaffected)
Mageiaphp-suhosin0.9.35-1.mga4 (unaffected), 0 (affected), 0 (affected), 0.9.35-1.mga4 (unaffected)
Mageiaphp0 (affected), 5.4.28-1.mga3 (unaffected), 0 (affected), 5.4.28-1.mga3 (unaffected)
Mageiaphp-apc0 (affected), 3.1.15-4.3.mga4 (unaffected), 0 (affected), 3.1.15-4.3.mga4 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›