A vulnerability was found in the SplObjectStorage unserializer. If the PHP
unserialize() function is used by a script on untrusted data provided by a
remote attacker, the attacker may be able to force an information leak or
remote execution of code on the server.
This was reported by Stefan Esser at the SyScan'10 Conference in Singapore.
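As an added illustration of the risk described above (example code, not from the bug report or from PHP upstream): the pattern the report warns about beside two safer ways to restore the same state. It assumes PHP 7.0 or later and uses a hypothetical cookie name, `state`, as the attacker-influenced input.

```php
<?php
// Added example; not code from the bug report or from PHP upstream.
// Assumes PHP >= 7.0. $_COOKIE['state'] is a hypothetical input name.

// Constructed sample input; in a real script this would be a cookie,
// POST field or other data the remote client controls.
$untrusted = isset($_COOKIE['state']) ? $_COOKIE['state'] : 'a:1:{s:4:"page";i:2;}';

// RISKY: unserialize() on attacker-controlled data. Every class with an
// unserialize handler (SplObjectStorage's, in this bug) is exposed to
// crafted input, so a bug in such a handler becomes an information leak
// or code execution in the calling script.
function restoreStateUnsafe($raw)
{
    return unserialize($raw);
}

// SAFER: keep state in a data-only format. json_decode() never
// instantiates objects, so no class-specific unserializer runs on
// untrusted bytes.
function restoreStateSafe($raw)
{
    $data = json_decode($raw, true, 8);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
        throw new UnexpectedValueException('state must be a JSON object');
    }
    return $data;
}

// If the serialize() format cannot be replaced, PHP >= 7.0 can refuse all
// classes: object payloads become __PHP_Incomplete_Class and no class
// unserializer (SplObjectStorage's included) is invoked. This option does
// not exist in the PHP 5.x releases this bug covers, where the only
// remedy is the upstream fix or not unserializing untrusted data at all.
function restoreStateNoObjects($raw)
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        // Rejects malformed input (false) and any object payload.
        throw new UnexpectedValueException('state must be a plain array');
    }
    return $data;
}

var_dump(restoreStateNoObjects($untrusted));
var_dump(restoreStateSafe('{"page":2}'));
```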
Created php tracking bugs for this issue
Affects: fedora-all [bug 605645]
Based on the information we have on this issue so far, it does not affect the versions of php as supplied with Red Hat Enterprise Linux 3, 4, or 5.
Stefan released an advisory for this vulnerability: http://php-security.org/2010/06/25/mops-2010-061-php-splobjectstorage-deserialization-use-after-free-vulnerability/
Upstream committed the following fix for this issue:
Blog post with additional information:
Fixed upstream in 5.3.3:
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Looks like it's safe to close this bug as "RESOLVED" or "NOTABUG" or somesuch.