Bug 618785 (CVE-2010-2100, MOPS-2010-036, MOPS-2010-037, MOPS-2010-038, MOPS-2010-039, MOPS-2010-040)
Summary: | CVE-2010-2100 php: multiple interruption vulnerabilities (MOPS-2010-03[6789], MOPS-2010-040) | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||||||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||||||||
Status: | CLOSED DUPLICATE | QA Contact: | |||||||||||||
Severity: | unspecified | Docs Contact: | |||||||||||||
Priority: | unspecified | ||||||||||||||
Version: | unspecified | CC: | jorton | ||||||||||||
Target Milestone: | --- | Keywords: | Security | ||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | All | ||||||||||||||
OS: | Linux | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2010-07-27 18:08:37 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Attachments: |
|
Description
Tomas Hoger
2010-07-27 17:57:07 UTC
Created attachment 434788 [details]
MOPS-2010-036 reproducer
Created attachment 434789 [details]
MOPS-2010-037 reproducer
Created attachment 434790 [details]
MOPS-2010-038 reproducer
Created attachment 434791 [details]
MOPS-2010-039 reproducer
Created attachment 434792 [details]
MOPS-2010-040 reproducer
Upstream commits added in 5.3.3: http://svn.php.net/viewvc?view=revision&revision=298945 http://svn.php.net/viewvc?view=revision&revision=299240 More info on the impact of the interruption vulnerabilities - bug #617578, comment #3. *** This bug has been marked as a duplicate of bug 169857 *** Statement: Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php *** Bug 618825 has been marked as a duplicate of this bug. *** |