MGASA-2014-0215
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 14 May 2014, 22:02
Last modified:16 Apr 2026, 06:26
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 May 2014, 22:02
Published
Vulnerability first disclosed
16 Apr 2026, 06:26
Last Modified
Vulnerability information updated
Description
Updated php packages fix CVE-2014-0185 Updated php packages fix security vulnerability: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). Additionally updated php-suhosin package corrects an issue which could cause a segfault in apache. Also updated is php-timezonedb.
Affected Systems
- mageia•php
< 5.4.28-1.mga3
- mageia•php-apc
< 3.1.14-7.8.mga3
- mageia•php-gd-bundled
< 5.4.28-1.mga3
- mageia•php-suhosin
< 0.9.35-1.mga3
- mageia•php-timezonedb
< 2014.3-1.mga3
- mageia•php
< 5.5.12-1.mga4
- mageia•php-apc
< 3.1.15-4.3.mga4
- mageia•php-suhosin
< 0.9.35-1.mga4
- mageia•php-timezonedb
< 2014.3-1.mga4
References (6)
- https://advisories.mageia.org/MGASA-2014-0215.html
- http://openwall.com/lists/oss-security/2014/04/29/5
- http://www.php.net/ChangeLog-5.php#5.4.28
- http://www.php.net/ChangeLog-5.php#5.5.12
- https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132546.html
- https://bugs.mageia.org/show_bug.cgi?id=13290