PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.
Upstream patch: http://svn.php.net/viewvc?view=revision&revision=312417
Looking at the version of php and php53 shipped with rhel-6 and rhel-5, the following block of code which is vulnerable does not exist in: ext/standard/basic-functions.c 4677 if (opt_err == 3 && opt) { 4678 if (strlen(opt) != opt_len) { 4679 RETURN_FALSE; Statement: Not Vulnerable. This issue did not affect the version of php shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of php53 shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in Fedora in the following updates: Fedora-14: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc14 Fedora-15: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc15 Fedora-16: http://koji.fedoraproject.org/packages/php/5.3.8/1.fc16 Fedora-16-testing: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc16 Fedora-Rawhide: http://koji.fedoraproject.org/packages/php/5.3.8/2.fc17