Stefan Esser reported that the fix for the HashDoS issue makes PHP susceptible to arbitrary code execution. Details in $URL.
Upstream commit: http://svn.php.net/viewvc?view=revision&revision=323007
php-5.3.10 committed to CVS. It may take 1-2 hours till the patchset is available on mirrors, tho.
*** Bug 401999 has been marked as a duplicate of this bug. ***
*** Bug 402079 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
x86 done. Thanks
Stable on alpha.
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows
remote attackers to execute arbitrary code via a request containing a large
number of variables, related to improper handling of array variables. NOTE:
this vulnerability exists because of an incorrect fix for CVE-2011-4885.
PHP before 5.3.10 does not properly perform a temporary change to the
magic_quotes_gpc directive during the importing of environment variables,
which makes it easier for remote attackers to conduct SQL injection attacks
via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c,
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201209-03 at http://security.gentoo.org/glsa/glsa-201209-03.xml
by GLSA coordinator Sean Amoss (ackle).