Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Feb 2012 20:12:22 +0100
From: Tomas Hoger <thoger@...hat.com>
To: OSS Security <oss-security@...ts.openwall.com>
Cc: security@....net, Stefan Esser <stefan.esser@...tioneins.de>
Subject: PHP remote code execution introduced via HashDoS fix

Hi!

Internets are buzzing with info on the PHP flaw found by Stefan Esser
in the fix for CVE-2011-4885.

http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
http://svn.php.net/viewvc?view=revision&revision=323007

This got CVE-2012-0830 assigned earlier today.  This is sent to make
the assignment public and avoid possible duplicate assignment.

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ