Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Sep 2011 07:56:34 -0600
From: Vincent Danen <>
Subject: CVE request: is_a() function may allow arbitrary code execution in
 PHP 5.3.7/5.3.8

Could a CVE be assigned for this flaw?  PHP 5.3.7 changed how the is_a()
function worked, and as a result it could allow for remote arbitrary
code execution if certain specific conditions are met (the blog post
referenced below has a good writeup of the flaw).

It looks like this is the fix:;revision=317183


Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ