[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-06-25 Thread Marc Deslauriers
A fix for the socket permissions is being handled in bug 1334337 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-06-24 Thread Jeff Waugh
I'm worried this fix might be broken: I upgraded php5-fpm on my 14.04 system, and the socket was changed to root:root rather than root:www- data, so nginx could no longer connect to it. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-06-24 Thread Jeff Waugh
Yep, reproduced it on another system. Temporary fix: sudo chown :www-data /var/run/php5-fpm.sock Configuration fix: Uncomment listen.group = www-data in /etc/php5/fpm/pool.d/www.conf -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-06-23 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.5.3+dfsg-1ubuntu2.4 --- php5 (5.5.3+dfsg-1ubuntu2.4) saucy-security; urgency=medium * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027) - debian/patches/CVE-2014-0185.patch: default to 0660 in

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-06-23 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.3.10-1ubuntu3.12 --- php5 (5.3.10-1ubuntu3.12) precise-security; urgency=medium * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027) - debian/patches/CVE-2014-0185.patch: default to 0660 in

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-05-02 Thread snafu109
** Bug watch added: bugs.php.net/ #67060 http://bugs.php.net/bug.php?id=67060 ** Also affects: php via http://bugs.php.net/bug.php?id=67060 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-04-30 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to

[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

2014-04-30 Thread Ubuntu Foundations Team Bug Bot
The attachment Official upstream patch seems to be a patch. If it isn't, please remove the patch flag from the attachment, remove the patch tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by