+++ This bug was initially created as a clone of Bug #196256 +++ CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables. Fixed upstream in PHP 5.1.4 This could be bad for scripts where register_globals is on as often variables are only initialized by unsetting them, but it could also have side effects on other scripts depending on the script. Upstream fix: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 Affects RHEL3, RHEL4 (RHEL2.1 separate tracking bug)
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0567.html