Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 214154

Summary:	CVE-2006-5465 PHP buffer overflow
Product:	[Retired] Stronghold for Red Hat Linux	Reporter:	Mark J. Cox <mjc>
Component:	php	Assignee:	Joe Orton <jorton>
Status:	CLOSED ERRATA	QA Contact:	Stronghold Engineering List <stronghold-eng-list>
Severity:	high	Docs Contact:
Priority:	medium
Version:	4.0	CC:	security-response-team, stronghold-eng-list
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:	source=vendorsec,reported=20061101,embargo=20061102,impact=important
Fixed In Version:	RHSA-2006-0736	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2006-12-11 11:31:34 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Mark J. Cox 2006-11-06 09:35:06 UTC

+++ This bug was initially created as a clone of Bug #213543 +++

Stefan Esser told vendor-sec about a buffer overflow in PHP's
htmlentities/htmlspecialchars internal routines.  These flaws are triggered when
handling utf-8 data.  The danger in this flaw is that these functions are
usually passed user input.

The patch for this issue can be found here:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.2&r2=1.111.2.2.2.3

-- Additional comment from bressers on 2006-11-02 13:45 EST --
This issue is public:
http://secunia.com/advisories/22653/

Comment 2 Red Hat Bugzilla 2006-12-11 11:31:34 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0736.html