Description of problem: PHP 5.2.3 release: http://www.php.net/releases/5_2_3.php Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
impact=moderate based on analysis of the vulnerability. Note that to exploit this the attacker would need to be able to supply an arbitrary argument as a 3rd argument to chunk_split. Most scripts that use chunk_script do not specify a 3rd argument or use a fixed argument.
note a more complete fix was included with PHP 5.2.4 release
This issue was addressed in: Red Hat Application Stack: http://rhn.redhat.com/errata/RHSA-2007-0891.html Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0890.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://rhn.redhat.com/errata/RHSA-2007-0888.html Fedora: updated to fixed upstream version