Bug 1116532

Summary: PHP 5.3 vulnerability leading to potential SSL key leakage
Product: Red Hat Enterprise Linux 6 Reporter: Loganaden Velvindron <logan>
Component: phpAssignee: Remi Collet <rcollet>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.7CC: logan
Target Milestone: rcKeywords: Security, SecurityTracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-07 08:39:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1116662    
Attachments:
Description Flags
PHP 5.3 infoleak vulnerability patch none

Description Loganaden Velvindron 2014-07-05 21:24:30 UTC 
Created attachment 914870 [details]
PHP 5.3 infoleak vulnerability patch

Description of problem:
PHP infoleak vulnerability that can potentially be used to leak private SSL keys

Version-Release number of selected component (if applicable):
5.x

How reproducible:
Please see:

https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Huzaifa S. Sidhpurwala 2014-07-07 08:39:06 UTC 

*** This bug has been marked as a duplicate of bug 1116662 ***