Date: Thu, 2 Feb 2012 20:12:22 +0100 From: Tomas Hoger <thoger@...hat.com> To: OSS Security <oss-security@...ts.openwall.com> Cc: security@....net, Stefan Esser <stefan.esser@...tioneins.de> Subject: PHP remote code execution introduced via HashDoS fix Hi! Internets are buzzing with info on the PHP flaw found by Stefan Esser in the fix for CVE-2011-4885. http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html http://svn.php.net/viewvc?view=revision&revision=323007 This got CVE-2012-0830 assigned earlier today. This is sent to make the assignment public and avoid possible duplicate assignment. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ