127643 – CAN-2004-0594 PHP memory_limit issue

Bug 127643 - CAN-2004-0594 PHP memory_limit issue

Summary: CAN-2004-0594 PHP memory_limit issue

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	php
Sub Component:
Version:	2
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Joe Orton
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-07-12 02:06 UTC by Josh Bressers
Modified:	2007-11-30 22:10 UTC (History)
CC List:	5 users (show)
Fixed In Version:	4.3.8-2.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-08-19 12:57:08 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2004-07-12 02:06:02 UTC

An issue has been found in PHP memory_limit.  When the memory_limit is
reached, PHP simply starts request termination, which can abort in
unsafe places.  Reported to vendor-sec on July 07 2004.

This issue also affects Fedora Core 1

This issue has been designated CAN-2004-0594

RHEL is being handled by bug 127642

Comment 2 Mark J. Cox 2004-07-14 06:50:52 UTC

These issues are public:

CAN-2004-0595 http://security.e-matters.de/advisories/122004.html
CAN-2004-0594 http://security.e-matters.de/advisories/122004.html

Comment 3 Robert Scheck 2004-07-14 11:25:04 UTC

PHP 4.3.8 is released which fixes the issue. Upgrading Fedora Core 1, 2
and Development to 4.3.8 solved the issues for me.

Simple upgrade from 4.3.7-4 to 4.3.8 did it for me, no patch merging
was necessary.

Comment 4 Joe Orton 2004-08-19 12:57:08 UTC

4.3.8 updates for FC1 and FC2 were issued last month:

http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00026.html
http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00027.html

Note You need to log in before you can comment on or make changes to this bug.