PHP 5.2.12 was released with the following reference: Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) There is no referring bug report and I cannot currently find any further information on this issue.
This issue is documented here, beginning at page 50: http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf
Relevant upstream commit should be this: http://svn.php.net/viewvc?view=revision&revision=291681 + NEWS file updates in 291703 and 291804.
More on using interruption flaws to compromise PHP interpreter from the script: http://www.suspekt.org/2009/08/12/state-of-the-art-post-exploitation-in-hardened-php-environments/
This flaw can be used by PHP script author to bypass restrictions such as safe_mode or open_basedir. Red Hat does not treat such issue as security flaws: https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 Additionally, fix in 5.2.12 adds protection for $_SESSION. In older PHP versions, usort() interruptions can be used to corrupt any array. *** This bug has been marked as a duplicate of bug 169857 ***