Package: php5
Version: 5:5.1.2-1
Severity: grave
Tags: security
Justification: user security hole

A security issue in PHP has been reported which may allow for disclosing
partial working memory contents on some PHP applications.

Quoting Stefan Esser:

> The bug is a binary safety issue in html_entity_decode. A function
> that is not usually used on user input, because user input is usually
> not expected in HTML format and then decoded. Even if the function is
> used on user input it can only leak memory to a potential attacker if
> the decoded user input is sent back to the client.
>
> The bug was found in late February by one of the Japanese PHP
> developers and was fixed in CVS one day later. Because the bug is a
> local memory leak it was not considered top critical and is among the
> usual bugfixes. PHP 5.1.3-RC1 which was released in the beginning of
> March already fixes this issue.

References:
[1] http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044544.html
    (follow the thread)
[2] http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/thread.html
    (search the page for 'Critical PHP bug' to find additional threads)
[3] http://bugs.gentoo.org/127939

Credits:
- Developer advisory: "One of the Japanese PHP developers" (according to S. Esser)
- Public disclosure: Tõnu Samuel (tonu at jes.ee)

-- System Information:
Debian Release: testing/unstable