Package: php5 Version: all Severity: critical Tags: security, fixed-upstream
See http://www.heise-security.co.uk/news/79145 and http://rhn.redhat.com/errata/RHSA-2006-0708.html " An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812) " and http://archives.mandrivalinux.com/security-announce/2006-10/msg00004.php Fixed upstream: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162 Old versions of Php4 are possibly also affected. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
