Red Hat Bugzilla – Bug 197379
CVE-2006-3017 zend_hash_del bug
Last modified: 2007-11-30 17:11:36 EST
+++ This bug was initially created as a clone of Bug #196256 +++
CVE-2006-3017: A bug in zend_hash_del() allowed attackers to prevent
unsetting of some variables. Fixed upstream in PHP 5.1.4
This could be bad for scripts where register_globals is on as often variables
are only initialized by unsetting them, but it could also have side effects on
other scripts depending on the script.
This issue should also affect FC4
Fixed in 5.1.4 update, FEDORA-2006-289.