PHP versions 5.4.42, 5.5.26, and 5.6.10 provide a fix for segmentation fault in php_pgsql_meta_data(): Fixed bug #69667 (segfault in php_pgsql_meta_data). Upstream bug: https://bugs.php.net/bug.php?id=69667 Upstream fix: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 Not security bug upstream, but we found this when testing updates with fixes for CVE-2015-1352 (see bug 1185904).
Created php tracking bugs for this issue: Affects: fedora-all [bug 1234942]
Unlike the CVE-2015-1352 issue, this also affected older PHP versions including PHP 5.3.3 as shipped with Red Hat Enterprise Linux. This issue was already corrected in latest Red Hat Software Collections PHP packages updates: https://rhn.redhat.com/errata/RHSA-2015-1187.html rh-php56-php https://rhn.redhat.com/errata/RHSA-2015-1186.html php55-php https://rhn.redhat.com/errata/RHSA-2015-1219.html php54-php As the impact of this issue is limited to PHP interpreter crash, and it is triggered by a crafted database table name when using pgsql extension, this issue was rated as having Low security impact and is not planned to be corrected in future php packages updated in Red Hat Enterprise Linux 6 and 7, and php53 packages in Red Hat Enterprise Linux 5. The php packages in Red Hat Enterprise Linux 5 were not affected by this issue. This bug can only be an issue if PHP application uses untrusted input from remote user as database table name. This is unlikely, and is likely to have worse impact by itself (e.g. it may lead to SQL injection attacks). It is assume that table names (but also column names) used in SQL queries are from trusted source. Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not planned to be corrected in future updates for php packages in Red Hat Enterprise Linux 6 and 7, and php53 packages in Red Hat Enterprise Linux 5. The php packages in Red Hat Enterprise Linux 5 were not affected by this issue.