A vulnerability was found in php. main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1338927]
Upstream identified that this problem was introduced via the following change:
in versions 5.5.26 and 5.6.10. Issue was corrected by this patch:
in versions 5.5.28 and 5.6.12. No Red Hat product included affected versions.