A fix for the socket permissions is being handled in bug 1334337
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1307027
Title:
php5-fpm: Possible privilege escalation due to insecure d
Yep, reproduced it on another system.
Temporary fix: sudo chown :www-data /var/run/php5-fpm.sock
Configuration fix: Uncomment "listen.group = www-data" in
/etc/php5/fpm/pool.d/www.conf
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to p
I'm worried this fix might be broken: I upgraded php5-fpm on my 14.04
system, and the socket was changed to root:root rather than root:www-
data, so nginx could no longer connect to it.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ph
This bug was fixed in the package php5 - 5.3.10-1ubuntu3.12
---
php5 (5.3.10-1ubuntu3.12) precise-security; urgency=medium
* SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027)
- debian/patches/CVE-2014-0185.patch: default to 0660 in
sapi/fpm/fpm/fpm_unix.
This bug was fixed in the package php5 - 5.5.3+dfsg-1ubuntu2.4
---
php5 (5.5.3+dfsg-1ubuntu2.4) saucy-security; urgency=medium
* SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027)
- debian/patches/CVE-2014-0185.patch: default to 0660 in
sapi/fpm/fpm/fpm_u
** Bug watch added: bugs.php.net/ #67060
http://bugs.php.net/bug.php?id=67060
** Also affects: php via
http://bugs.php.net/bug.php?id=67060
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribe
The attachment "Official upstream patch" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~bria
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1307027
Title:
php5-fpm: Possible privilege escalation due to insecu