Mandriva Linux Security Advisory : php (MDVSA-2014:087)
High Nessus Plugin ID 74029
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in php :
PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185).
The updated php packages have been upgraded to the 5.5.12 version which is not vulnerable to this issue.
Additionally, the timezonedb packages has been upgraded to the latest 2014.3 version, the php-suhosin packages has been upgraded to the latest 0.9.35 version which has better support for php-5.5 and the PECL packages which requires so has been rebuilt for php-5.5.12.
SolutionUpdate the affected packages.