+++ This bug was initially created as a clone of Bug #196256 +++ CVE-2006-3017: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables. Fixed upstream in PHP 5.1.4 This could be bad for scripts where register_globals is on as often variables are only initialized by unsetting them, but it could also have side effects on other scripts depending on the script. Upstream fix: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 This issue should also affect FC4
Fixed in 5.1.4 update, FEDORA-2006-289.