Red Hat Bugzilla – Bug 471223
php: incorrect patch for CVE-2006-3016 [rhel-2.1]
Last modified: 2009-06-01 04:32:08 EDT
Description of problem:
The patch applied to PHP packages in RHEL-2.1 to address security issue CVE-2006-3016 contain a bug. When user-supplied session identifier is dropped in php_session_initialize() because of the invalid characters used in the identifier, new safe session identifier is not generated by PHP. This later causes NULL pointer dereference and PHP interpreter crash. This bug is not a security flaw, as it only causes one httpd child to crash. New child is spawned by master httpd process to replace the dead child.
Version-Release number of selected component (if applicable):
id should be generated in a similar was as is in php_session_start():
PS(id) = _php_create_id(NULL TSRMLS_CC);
This does not affect RHEL3+ php packages.