It was reported [1] that a flaw in how the PHP Suhosin extension handled transparent cookie encryption could possibly lead to arbitrary code execution in certain situations. Quoting from the report:

During an internal audit of the Suhosin PHP extension, which is often confused with the Suhosin PHP Patch, although they are not the same, a possible stack based buffer overflow inside the transparent cookie encryption feature was discovered. If successfully exploited this vulnerability can lead to arbitrary remote code execution.

However further investigation into the vulnerability revealed that it can only be triggered if the admin has not only activated transparent cookie encryption, but also explicitly disabled several other security features of Suhosin. In addition to that remote exploitation requires a PHP application that puts unfiltered user input into a call to the header() function that sends a Set-Cookie header. Furthermore most modern unix systems compile the Suhosin extension with the FORTIFY_SOURCE flag, which will detect the possible buffer overflow and abort execution before something bad can happen.

This can only be done when the feature is enabled (suhosin.cookie.encrypt). This is corrected in upstream 0.9.33 [2].

[1] http://seclists.org/fulldisclosure/2012/Jan/295
[2] https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
Created php-suhosin tracking bugs for this issue
Affects: fedora-15 [bug 783351]
Affects: epel-5 [bug 783352]
Affects: epel-6 [bug 783353]
Added CVE as per http://www.openwall.com/lists/oss-security/2012/01/24/11
Closing as the package is no longer in the repo.