Bug 278161 (CVE-2007-4660, CVE-2007-4661)

Summary: CVE-2007-4661 php size calculation in chunk_split
Product: [Other] Security Response Reporter: Joe Orton <jorton>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: eric.eisenhart, vdanen
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4661
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-28 22:59:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 297901    
Bug Blocks:    

Description Joe Orton 2007-09-05 10:32:07 UTC 
http://www.php.net/releases/5_2_4.php

# Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
Comment 2 Joe Orton 2007-09-05 12:58:47 UTC 
This issue was due to an incomplete fix for CVE-2007-2872 (CVE-2007-2872), which
has not been applied in Red Hat Enterprise Linux v2-5, nor Red Hat Application
Stack v1.
Comment 5 Vincent Danen 2010-01-28 22:59:17 UTC 
I'm also adding CVE-2007-4660 to this issue as there is some confusion surrounding CVE-2007-4660 and how it pertains to CVE-2007-4661.

CVE-2007-2872 was partially fixed in upstream PHP 5.2.3, but the code remained vulnerable to attack.  This remaining vulnerability was named CVE-2007-4661.  While this was fixed upstream in PHP 5.2.4, it took two separate commits to fully fix it, resulting in (likely by mistake) two separate entries in the NEWS file, which resulted in CVE-2007-4660 being assigned to the second (arguably duplicate) CVE.

Because the incomplete fix for CVE-2007-2872 had not been applied to PHP packages in Red Hat Enterprise Linux 2 through 5, nor Red Hat Application Stack v1, neither CVE-2007-4660 or CVE-2007-4661 are applicable.  The fix provided for Red Hat Application Stack v2 corrected both CVEs, via RHSA-2007:0917:

https://rhn.redhat.com/errata/RHSA-2007-0917.html