Red Hat Bugzilla – Bug 382451
CVE-NONE php fnmatch() function may overflow
Last modified: 2007-11-29 10:15:14 EST
SUMMARY: Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob() functions
(Reported by Laurent Gaffie)
COMMENT: setlocale(), glob() issues require control over
regex/locale which should be under script author control. fnmatch()
change may affect untrusted user data, so should fix that.
AFFECTS: RHEL >= 3 (no fnmatch in RHEL21)
These issues are covered by the following CVE IDs:
CVE-2007-4782 - fnmatch and glob (see bug #285881)
CVE-2007-4784 - setlocale (see bug #285901)
Closing this bug, see bugs above for more details.
*** This bug has been marked as a duplicate of 285881 ***