This upstream PHP bug: http://bugs.php.net/bug.php?id=27421 describes an issue where setting mbstring.func_overload = 7 in a .htaccess file, causes that setting to be set globally for the webserver. This in turn breaks most unicode text operations, possibly hampering other sites hosted by the webserver.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0754 to the following vulnerability: Name: CVE-2009-0754 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754 Assigned: 20090303 Reference: MLIST:[oss-security] 20090130 CVE Request - php (PHP BZ#27421) Reference: URL: http://www.openwall.com/lists/oss-security/2009/01/30/1 Reference: MLIST:[oss-security] 20090203 Re: CVE Request - php (PHP BZ#27421) Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/03/3 Reference: MLIST:[oss-security] 20090225 Re: CVE Request - php (PHP BZ#27421) Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/25/3 Reference: CONFIRM: http://bugs.php.net/bug.php?id=27421 PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
http://cvsweb.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.276&r2=1.277
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0338 https://rhn.redhat.com/errata/RHSA-2009-0338.html
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Via RHSA-2009:0337 https://rhn.redhat.com/errata/RHSA-2009-0337.html
This issue has been addressed in following products: Red Hat Web Application Stack for RHEL 5 Via RHSA-2009:0350 https://rhn.redhat.com/errata/RHSA-2009-0350.html
(In reply to comment #5) > http://cvsweb.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.276&r2=1.277 The patch first appears upstream in 5.2.7.
maniadrive-1.2-13.fc10, php-5.2.9-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
maniadrive-1.2-13.fc9, php-5.2.9-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.