Red Hat Bugzilla – Bug 1255780
CVE-2015-6527 php: Arbitrary code execution in str_ireplace function
Last modified: 2016-05-19 10:33:43 EDT
A vulnerability was found in the function str_ireplace, where the type of the third argument, $subject, is not checked.
It is possible to control assembly registers, which could lead to arbitrary code execution.
Affected version is php 7.0.
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1256315]
This issue did not affect the versions of php and php53 as shipped with Red Hat Enterprise Linux 5 and the versions of php as shipped with Red Hat Enterprise Linux 6 and 7.
Seems like this is a PHP7 only issue. None of the php versions we ship should be affected.