Red Hat Bugzilla – Bug 196256
CVE-2006-3017 zend_hash_del bug
Last modified: 2007-11-30 17:07:25 EST
CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent
unsetting of some variables. Fixed upstream in PHP 5.1.4
This could be bad for scripts where register_globals is on as often variables
are only initialized by unsetting them, but it could also have side effects on
other scripts depending on the script.
Affects RHEL3, RHEL4 (RHEL2.1 separate tracking bug)
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.