Bug 782951 (CVE-2012-0781)
| Summary: | CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | fedora, jorton, rpm |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | php 5.3.9 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-06-27 17:15:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 830729, 830730 | | |
| Bug Blocks: | 782956, 835959 | | |

Description
Vincent Danen
2012-01-18 22:34:43 UTC
This should be corrected in 5.3.9, as per this note in the PHP 5.3.9 changelog:

Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). (Maksymilian Arciemowicz, Felipe)

The upstream commit to fix is here:

http://svn.php.net/viewvc?view=revision&revision=319254

This issue affects the version of php as shipped with Red Hat Enterprise Linux 6.

This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 4 and 5. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5. Since neither of these packages ship the standard PHP module providing tidy library support.

This issue did not affect the version of php as shipped with Fedora 15 and Fedora 16.

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2012:1046 https://rhn.redhat.com/errata/RHSA-2012-1046.html