7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
15.7%
Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). Additionally updated php-suhosin package corrects an issue which could cause a segfault in apache. Also updated is php-timezonedb.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | php | < 5.4.28-1 | php-5.4.28-1.mga3 |
Mageia | 3 | noarch | php-gd-bundled | < 5.4.28-1 | php-gd-bundled-5.4.28-1.mga3 |
Mageia | 3 | noarch | php-apc | < 3.1.14-7.8 | php-apc-3.1.14-7.8.mga3 |
Mageia | 3 | noarch | php-suhosin | < 0.9.35-1 | php-suhosin-0.9.35-1.mga3 |
Mageia | 3 | noarch | php-timezonedb | < 2014.3-1 | php-timezonedb-2014.3-1.mga3 |
Mageia | 4 | noarch | php | < 5.5.12-1 | php-5.5.12-1.mga4 |
Mageia | 4 | noarch | php-apc | < 3.1.15-4.3 | php-apc-3.1.15-4.3.mga4 |
Mageia | 4 | noarch | php-suhosin | < 0.9.35-1 | php-suhosin-0.9.35-1.mga4 |
Mageia | 4 | noarch | php-timezonedb | < 2014.3-1 | php-timezonedb-2014.3-1.mga4 |