PHP uses a strtod() implementation using code written by David M. Gay. This code was previously identified to contain a flaw leading to a heap-based buffer overflow when an overly long string representing a floating point number is parsed to a number. The problem was assigned CVE ids CVE-2009-0689 (bug 539784) and CVE-2013-4164 (bug 1033460) and was fixed in various other projects re-using this affected code.

The problem was already corrected in PHP before the security issue was identified and CVE-2009-0689 assigned, via the following upstream commit:

http://git.php.net/?p=php-src.git;a=commitdiff;h=37da90248deb2188e8ee50e4753ad6340679b425

The fix was included in PHP 5.2.2. This wasn't identified as a security fix, or mentioned in the changelog for that PHP release:

http://www.php.net/ChangeLog-5.php#5.2.2

The problem can be triggered remotely if a PHP application handles a value from a request as numeric / floating point.

This issue affects php packages in Red Hat Enterprise Linux 5. The php53 in Red Hat Enterprise Linux 5 and php packages in Red Hat Enterprise Linux 6 are based on a fixed upstream version and are therefore unaffected. The php packages in Red Hat Enterprise Linux 4 and older do not contain vulnerable code.
Making the bug public.
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5.9 EUS - Server Only
  Red Hat Enterprise Linux 5.3 Long Life
  Red Hat Enterprise Linux 5.6 Long Life

Via RHSA-2014:0312 https://rhn.redhat.com/errata/RHSA-2014-0312.html

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0311 https://rhn.redhat.com/errata/RHSA-2014-0311.html