An issue has been found in PHP memory_limit. When the memory_limit is reached, PHP simply starts request termination, which can abort in unsafe places. Reported to vendor-sec on July 07 2004. This issue also affects Fedora Core 1 This issue has been designated CAN-2004-0594 RHEL is being handled by bug 127642
These issues are public: CAN-2004-0595 http://security.e-matters.de/advisories/122004.html CAN-2004-0594 http://security.e-matters.de/advisories/122004.html
PHP 4.3.8 is released which fixes the issue. Upgrading Fedora Core 1, 2 and Development to 4.3.8 solved the issues for me. Simple upgrade from 4.3.7-4 to 4.3.8 did it for me, no patch merging was necessary.
4.3.8 updates for FC1 and FC2 were issued last month: http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00026.html http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00027.html