Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1148 to the following vulnerability: Name: CVE-2011-1148 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148 Assigned: 20110303 Reference: http://openwall.com/lists/oss-security/2011/03/13/2 Reference: http://openwall.com/lists/oss-security/2011/03/13/3 Reference: http://openwall.com/lists/oss-security/2011/03/13/9 Reference: http://bugs.php.net/bug.php?id=54238 Reference: http://www.securityfocus.com/bid/46843 Reference: http://xforce.iss.net/xforce/xfdb/66080 Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
http://svn.php.net/viewvc?view=revision&revision=310194
This is corrected in upstream 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2011:1423 https://rhn.redhat.com/errata/RHSA-2011-1423.html
This issue did not affect the version of php shipped with Fedora 15 and Fedora 16.
(In reply to comment #8) > This issue did not affect the version of php shipped with Fedora 15 and Fedora > 16. It's probably less confusing to say that Fedora 15 and 16 are not affected by this issue as they ship fixed upstream version. F-15, however, included php 5.3.6 at GA and as this issue was first fixed upstream in 5.3.7 (see comment #3), it probably was affected by this issue for some time.
Statement: This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0033 https://rhn.redhat.com/errata/RHSA-2012-0033.html