Here are updated packages in the Yum repository:
- PHP 5.3.28 release 3 for RHEL/CentOS 5 CVE-2014-0185 security fix patched
As with the previous post, this PHP 5.3.28 release fixes CVE-2014-0185, which was causing PHP-fpm to create a world-writeable unix socket if unix sockets were used and the listen.mode configuration setting not changed. However, this fix, as it reduces the permissions of the unix socket, may cause some server setups that relied on this to fail. See the previous post for more information.
PHP.net hasn’t yet released a security fix themselves for PHP 5.3.