| Summary: | <dev-lang/php-5.2.11-r1 Memory disclosure (CVE-2009-2626) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | php-bugs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://securityreason.com/achievement_securityalert/65 | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Robert Buchholz (RETIRED)
2009-08-06 20:20:23 UTC
This is fixed in latest stable (5.2.11-r1).

CVE-2009-2626 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2626): The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

GLSA 201001-03. Thank you everyone, sorry about the delay.