276531 – (CVE-2007-4659) CVE-2007-4659 php zend_alter_ini_entry() memory_limit interruption

Bug 276531 (CVE-2007-4659) - CVE-2007-4659 php zend_alter_ini_entry() memory_limit interruption

Summary: CVE-2007-4659 php zend_alter_ini_entry() memory_limit interruption

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-4659
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	278431
Blocks:
TreeView+	depends on / blocked

Reported:	2007-09-04 15:47 UTC by Joe Orton
Modified:	2021-11-12 19:43 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-28 20:35:50 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0917	0	normal	SHIPPED_LIVE	Moderate: php security update	2007-10-23 15:56:13 UTC

Description Joe Orton 2007-09-04 15:47:03 UTC

Description of problem:
http://www.php.net/releases/5_2_4.php

Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported
by Stefan Esser)

Comment 1 Joe Orton 2007-09-04 15:47:50 UTC

http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.39.2.2.2.9&r2=1.39.2.2.2.10&diff_format=u

This issue does not affect PHP 4, or PHP 5.1.

Comment 4 Kurt Seifried 2011-09-28 20:35:50 UTC

This issue has been addressed in following products:

  Red Hat Application Stack v2

Via RHSA-2007:0917 available at https://rhn.redhat.com/errata/RHSA-2007-0917.html

Note You need to log in before you can comment on or make changes to this bug.