206936 – CVE-2006-4486 PHP integer overflows in Zend

Bug 206936 - CVE-2006-4486 PHP integer overflows in Zend

Summary: CVE-2006-4486 PHP integer overflows in Zend

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	php
Sub Component:
Version:	2.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Joe Orton
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-09-18 10:39 UTC by Joe Orton
Modified:	2007-11-30 22:06 UTC (History)
CC List:	1 user (show)
Fixed In Version:	RHSA-2006-0682
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-09-21 10:44:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2006:0682	0	normal	SHIPPED_LIVE	Moderate: php security update	2006-09-21 04:00:00 UTC

Description Joe Orton 2006-09-18 10:39:12 UTC

+++ This bug was initially created as a clone of Bug #206664 +++

PHP integer overflow

Integer overflows in the Zend allocation routines may prevent memory allocation
limits from being applied properly on 64-bit architectures, which could allow
denial of service attacks.

http://www.php.net/ChangeLog-5.php#5.1.6

This issue also affects RHEL3
This issue also affects RHEL2.1

Comment 4 Red Hat Bugzilla 2006-09-21 10:44:08 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0682.html

Note You need to log in before you can comment on or make changes to this bug.