php

• Author: kikadf
• Vulnerable: 5.3.26-2arcturus1
• Unaffected: 5.3.26-2arcturus2

The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability (CVE-2014-0185) in PHP FPM that allowed any local user to run a PHP code under the active user of FPM process via crafted FastCGI client. Denial of service in the CDF parser of the fileinfo module. (CVE-2014-0237,0238) Denial of service in the fileinfo module. (CVE-2014-2270)

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270