+++ This bug was initially created as a clone of Bug #162044 +++ A bug has been found in PHP's PEAR XML_RPC server which could allow remote code execution. This bug allows injection of arbitrary PHP commands into eval() statements.
This issue should also affect FC3
The proposed patch for this issue is attachment 116126 [details]
Fixed for FC3 (FEDORA-2005-517) and FC4 (FEDORA-2005-518). http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00010.html http://www.redhat.com/archives/fedora-announce-list/2005-July/msg00011.html