FC5test1 tracking bug

+++ This bug was initially created as a clone of Bug #172207 +++

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.

http://www.hardened-php.net/advisory_202005.79.html

This issue should also affect FC3

-- Additional comment from jorton on 2005-11-08 06:28 EST --

*** Bug 172200 has been marked as a duplicate of this bug. ***
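An added example, not part of the original bug report or of PHP itself: a request-side check that flags multipart/form-data bodies carrying a field named GLOBALS, the pattern the advisory describes. The function name, the sample request and the handling of array-style names such as `GLOBALS[x]` (a generalization beyond the report's wording) are assumptions made for illustration.

```python
import email

def find_globals_fields(content_type, body):
    """Return (field_name, is_file_upload) for each part whose base name is GLOBALS."""
    # Hand the MIME parser the request's Content-Type so it knows the boundary.
    raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
    msg = email.message_from_bytes(raw)
    if not msg.is_multipart():
        return []  # urlencoded or malformed body: nothing to inspect here
    hits = []
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if not isinstance(name, str):
            continue  # no field name, or an RFC 2231 encoded one
        # Assumption: an array-style name like GLOBALS[x] targets the same variable.
        if name.split("[", 1)[0] == "GLOBALS":
            hits.append((name, part.get_filename() is not None))
    return hits

# Constructed sample request (not taken from the advisory).
SAMPLE_CT = "multipart/form-data; boundary=xyzBOUNDARY"
SAMPLE_BODY = (
    b"--xyzBOUNDARY\r\n"
    b'Content-Disposition: form-data; name="comment"\r\n'
    b"\r\n"
    b"hello\r\n"
    b"--xyzBOUNDARY\r\n"
    b'Content-Disposition: form-data; name="GLOBALS"; filename="a.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"x\r\n"
    b"--xyzBOUNDARY--\r\n"
)

if __name__ == "__main__":
    for field, is_file in find_globals_fields(SAMPLE_CT, SAMPLE_BODY):
        print("suspicious field:", field, "(file upload)" if is_file else "")
```

A check like this fits in a reverse proxy or log-review script in front of hosts that still run with register_globals enabled; it does not replace updating PHP.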
leaving vulnerable for FC5test2 until we check to make sure this is actually fixed in upstream 5.1.1
ping! if fixed in rawhide please close this bug, otherwise please try to fix this before FC5Test3 (Feb 6)
ping! if fixed in rawhide please close this bug, otherwise please try to fix this before FC5Test3 (Feb 13 freeze)
These bugs are being closed since a large number of updates have been released after the FC5 test1 and test2 releases. Kindly update your system by running yum update as root user or try out the third and final test version of FC5 being released in a short while and verify if the bugs are still present on the system. Reopen or file new bug reports as appropriate after confirming the presence of this issue. Thanks
By code inspection, this is fixed in the 5.1.2 tree.