Red Hat Bugzilla – Bug 187230
CVE-2006-1490 PHP memory disclosure issue
Last modified: 2007-11-30 17:07:24 EST
PHP memory disclosure issue
A memory disclosure issue was found and fixed in PHP's
unescape_html_entities function. This issue allows a malformed HTML
string to leak back arbitrary memory from the PHP process.
There is more information in the full-disclosure thread:
The reporter on full-disclosure attempts to make this issue sound
considerably worse than it is.
The patch is here:
This issue also affects RHEL3
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.