From the PHP 5.2.6 changelog:

* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
The fix for this issue is here: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u
Affected code was introduced in PHP version 5.1.3:

Version 5.1.3
02-May-2006
[ ... ]
* Reimplemented FastCGI interface. (Dmitry)

http://www.php.net/ChangeLog-5.php#5.1.3
There are two changes in the referenced patch:

1) the first appears to fix a case where an amount of uninitialized stack buffer could be written to the FastCGI server.

2) the second appears to fix a buffer overflow which could be triggered by the FastCGI server.

Since the FastCGI server is local trusted code and not under the control of an attacker, I would say that these bugs do not have any impact on security.
https://www.redhat.com/security/data/cve/CVE-2008-2050.html

This issue does not affect the version of PHP shipped in Red Hat Enterprise Linux 2.1, 3, or 4. We do not consider this issue to be a security flaw for Red Hat Enterprise Linux 5 since no trust boundary is crossed.