Quoting upstream's changelog:

Fixed bug #67060 <http://bugs.php.net/67060> (possible privilege escalation
due to insecure default configuration). (CVE-2014-0185)

Kaplan

On Tue, May 6, 2014 at 12:22 PM, Louis Matthijssen <[email protected]> wrote:

> Package: php5-fpm
> Version: 5.5.12+dfsg-1
> Severity: important
>
> Dear Maintainer,
>
> * What led up to the situation?
> I upgraded from 5.5.11+dfsg-3 to 5.5.12+dfsg-1 using apt-get upgrade.
> There are no changes in the configuration by me.
> After each start of php5-fpm, permissions are set to srw-rw---- by default
> for /var/run/php5-fpm.sock, causing nginx to get a permission denied error:
> [crit] 12317#0: *1140 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream
> * What exactly did you do (or not do) that was effective (or ineffective)?
> Using chmod 666 /var/run/php5-fpm.sock.
> * What was the outcome of this action?
> Permissions are restored.
>
> -- Package-specific info:
> ==== Additional PHP 5 information ====
>
> ++++ PHP 5 SAPI (php5query -S): ++++
> fpm
>
> ++++ PHP 5 Extensions (php5query -M -v): ++++
> pdo (Enabled for fpm by maintainer script)
> pdo_mysql (Enabled for fpm by maintainer script)
> gd (Enabled for fpm by maintainer script)
> opcache (Enabled for fpm by maintainer script)
> mysql (Enabled for fpm by maintainer script)
> json (Enabled for fpm by maintainer script)
> mysqli (Enabled for fpm by maintainer script)
> mcrypt (Enabled for fpm by maintainer script)
>
> ++++ Configuration files: ++++
> [PHP]
> engine = On
> short_open_tag = Off
> asp_tags = Off
> precision = 14
> output_buffering = 4096
> zlib.output_compression = Off
> implicit_flush = Off
> unserialize_callback_func =
> serialize_precision = 17
> disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
> disable_classes =
> zend.enable_gc = On
> expose_php = On
> max_execution_time = 30
> max_input_time = 60
> memory_limit = 128M
> error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
> display_errors = Off
> display_startup_errors = Off
> log_errors = On
> log_errors_max_len = 1024
> ignore_repeated_errors = Off
> ignore_repeated_source = Off
> report_memleaks = On
> track_errors = Off
> html_errors = On
> variables_order = "GPCS"
> request_order = "GP"
> register_argc_argv = Off
> auto_globals_jit = On
> post_max_size = 8M
> auto_prepend_file =
> auto_append_file =
> default_mimetype = "text/html"
> doc_root =
> user_dir =
> enable_dl = Off
> file_uploads = On
> upload_max_filesize = 2M
> max_file_uploads = 20
> allow_url_fopen = On
> allow_url_include = Off
> default_socket_timeout = 60
> [CLI Server]
> cli_server.color = On
> [Date]
> [filter]
> [iconv]
> [intl]
> [sqlite]
> [sqlite3]
> [Pcre]
> [Pdo]
> [Pdo_mysql]
> pdo_mysql.cache_size = 2000
> pdo_mysql.default_socket=
> [Phar]
> [mail function]
> SMTP = localhost
> smtp_port = 25
> mail.add_x_header = On
> [SQL]
> sql.safe_mode = Off
> [ODBC]
> odbc.allow_persistent = On
> odbc.check_persistent = On
> odbc.max_persistent = -1
> odbc.max_links = -1
> odbc.defaultlrl = 4096
> odbc.defaultbinmode = 1
> [Interbase]
> ibase.allow_persistent = 1
> ibase.max_persistent = -1
> ibase.max_links = -1
> ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
> ibase.dateformat = "%Y-%m-%d"
> ibase.timeformat = "%H:%M:%S"
> [MySQL]
> mysql.allow_local_infile = On
> mysql.allow_persistent = On
> mysql.cache_size = 2000
> mysql.max_persistent = -1
> mysql.max_links = -1
> mysql.default_port =
> mysql.default_socket =
> mysql.default_host =
> mysql.default_user =
> mysql.default_password =
> mysql.connect_timeout = 60
> mysql.trace_mode = Off
> [MySQLi]
> mysqli.max_persistent = -1
> mysqli.allow_persistent = On
> mysqli.max_links = -1
> mysqli.cache_size = 2000
> mysqli.default_port = 3306
> mysqli.default_socket =
> mysqli.default_host =
> mysqli.default_user =
> mysqli.default_pw =
> mysqli.reconnect = Off
> [mysqlnd]
> mysqlnd.collect_statistics = On
> mysqlnd.collect_memory_statistics = Off
> [OCI8]
> [PostgreSQL]
> pgsql.allow_persistent = On
> pgsql.auto_reset_persistent = Off
> pgsql.max_persistent = -1
> pgsql.max_links = -1
> pgsql.ignore_notice = 0
> pgsql.log_notice = 0
> [Sybase-CT]
> sybct.allow_persistent = On
> sybct.max_persistent = -1
> sybct.max_links = -1
> sybct.min_server_severity = 10
> sybct.min_client_severity = 10
> [bcmath]
> bcmath.scale = 0
> [browscap]
> [Session]
> session.save_handler = files
> session.use_strict_mode = 0
> session.use_cookies = 1
> session.use_only_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 0
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_domain =
> session.cookie_httponly =
> session.serialize_handler = php
> session.gc_probability = 0
> session.gc_divisor = 1000
> session.gc_maxlifetime = 1440
> session.referer_check =
> session.cache_limiter = nocache
> session.cache_expire = 180
> session.use_trans_sid = 0
> session.hash_function = 0
> session.hash_bits_per_character = 5
> url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
> [MSSQL]
> mssql.allow_persistent = On
> mssql.max_persistent = -1
> mssql.max_links = -1
> mssql.min_error_severity = 10
> mssql.min_message_severity = 10
> mssql.compatibility_mode = Off
> mssql.secure_connection = Off
> [Assertion]
> [COM]
> [mbstring]
> [gd]
> [exif]
> [Tidy]
> tidy.clean_output = Off
> [soap]
> soap.wsdl_cache_enabled=1
> soap.wsdl_cache_dir="/tmp"
> soap.wsdl_cache_ttl=86400
> soap.wsdl_cache_limit = 5
> [sysvshm]
> [ldap]
> ldap.max_links = -1
> [mcrypt]
> [dba]
> [opcache]
> [curl]
>
> **** /etc/php5/fpm/conf.d/10-pdo.ini ****
> extension=pdo.so
>
> **** /etc/php5/fpm/conf.d/20-gd.ini ****
> extension=gd.so
>
> **** /etc/php5/fpm/conf.d/20-mysqli.ini ****
> extension=mysqli.so
>
> **** /etc/php5/fpm/conf.d/20-mcrypt.ini ****
> extension=mcrypt.so
>
> **** /etc/php5/fpm/conf.d/20-pdo_mysql.ini ****
> extension=pdo_mysql.so
>
> **** /etc/php5/fpm/conf.d/05-opcache.ini ****
> zend_extension=opcache.so
>
> **** /etc/php5/fpm/conf.d/20-mysql.ini ****
> extension=mysql.so
>
> **** /etc/php5/fpm/conf.d/20-json.ini ****
> extension=json.so
>
>
> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.14-1-amd64 (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages php5-fpm depends on:
> ii  dpkg                 1.17.9
> ii  init-system-helpers  1.18
> ii  libbz2-1.0           1.0.6-5
> ii  libc6                2.18-5
> ii  libcomerr2           1.42.9-3
> ii  libdb5.3             5.3.28-3
> ii  libgssapi-krb5-2     1.12.1+dfsg-1
> ii  libk5crypto3         1.12.1+dfsg-1
> ii  libkrb5-3            1.12.1+dfsg-1
> ii  libmagic1            1:5.18-1
> ii  libonig2             5.9.1-1
> ii  libpcre3             1:8.31-5
> ii  libqdbm14            1.8.78-3+b1
> ii  libssl1.0.0          1.0.1g-3
> ii  libsystemd-daemon0   204-10
> ii  libxml2              2.9.1+dfsg1-3
> ii  mime-support         3.54
> ii  php5-common          5.5.12+dfsg-1
> ii  php5-json            1.3.5-1
> ii  tzdata               2014b-1
> ii  ucf                  3.0028
> ii  zlib1g               1:1.2.8.dfsg-1
>
> php5-fpm recommends no packages.
>
> Versions of packages php5-fpm suggests:
> pn  php-pear  <none>
>
> Versions of packages php5-common depends on:
> ii  libc6   2.18-5
> ii  lsof    4.86+dfsg-1
> ii  psmisc  22.21-2
> ii  sed     4.2.2-4
> ii  ucf     3.0028
>
> Versions of packages php5-common suggests:
> pn  php5-user-cache  <none>
>
> -- no debconf information
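
The three socket states this thread turns on, as an added shell example that is not part of the original messages or of the php5-fpm package: world-writable (what chmod 666 restores), reachable through the owner or group bits, and the "Permission denied" case nginx hit. The function names has_write, classify_access and audit_socket are hypothetical, www-data in the usage comment is an assumed web-server account, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from php5-fpm or the thread.

# has_write DIGIT -> succeeds if the octal permission digit includes write (2).
# On Linux, connect() to a unix socket needs write permission on the socket.
has_write() {
    [ $(( $1 & 2 )) -ne 0 ]
}

# classify_access MODE IS_OWNER IN_GROUP
#   MODE      octal mode as printed by stat, e.g. 660 or 0666
#   IS_OWNER  1 if the web-server user owns the socket, else 0
#   IN_GROUP  1 if the web-server user belongs to the socket's group, else 0
# Prints one of: world-writable | ok | denied
classify_access() {
    m="000$1"                              # pad so three digits always exist
    o_bits=${m#"${m%?}"}; m=${m%?}         # last digit: other
    g_bits=${m#"${m%?}"}; m=${m%?}         # next digit: group
    u_bits=${m#"${m%?}"}                   # next digit: owner
    if has_write "$o_bits"; then
        echo "world-writable"              # any local account can connect
        return 0
    fi
    # The kernel checks exactly one class: owner first, then group.
    if [ "$2" = 1 ]; then digit=$u_bits
    elif [ "$3" = 1 ]; then digit=$g_bits
    else digit=0                           # "other" is already known closed
    fi
    if has_write "$digit"; then
        echo "ok"
    else
        echo "denied"                      # the "(13: Permission denied)" case
    fi
}

# audit_socket PATH USER -> classify PATH for USER (GNU stat, id).
audit_socket() {
    sock_mode=$(stat -c '%a' "$1") || return 2
    sock_owner=$(stat -c '%U' "$1")
    sock_group=$(stat -c '%G' "$1")
    is_owner=0; in_group=0
    if [ "$sock_owner" = "$2" ]; then is_owner=1; fi
    for grp in $(id -Gn "$2" 2>/dev/null); do
        if [ "$grp" = "$sock_group" ]; then in_group=1; fi
    done
    classify_access "$sock_mode" "$is_owner" "$in_group"
}
# Usage (path from the report; www-data is an assumed account):
#   audit_socket /var/run/php5-fpm.sock www-data
```

Keeping the socket at mode 660 and pointing the pool's listen.owner and listen.group at the web server's account gives the "ok" result without reopening the socket to every local user.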

