Latest Updates, PHP 5.3.28 updated with CVE-2014-0185 fix

Here are updated packages in the Yum repository:

As with the previous post, this PHP 5.3.28 release fixes CVE-2014-0185, which was causing PHP-fpm to create a world-writeable unix socket if unix sockets were used and the listen.mode configuration setting not changed. However, this fix, as it reduces the permissions of the unix socket, may cause some server setups that relied on this to fail. See the previous post for more information.

PHP.net hasn’t yet released a security fix themselves for PHP 5.3.

Published by

Andy Thompson

Senior Technical Consultant on enterprise web projects, with interests in open-source development, a little bit of finance, and poker.

Leave a Reply

Your email address will not be published. Required fields are marked *