Date: Thu, 02 Aug 2012 13:47:54 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>, Henri Salo <henri@...v.fi>,
        johannes@....net, noamr@...ondsecurity.com
Subject: Re: CVE Request: php5 pdo array overread/crash

On 08/02/2012 05:37 AM, Marcus Meissner wrote:
> Hi,
> 
> I think this issue does not have a CVE id yet as far as I can see:
> 
> Prepared statements in PHP5 pdo can be used to cause an array
> overread and crash of the php5 interpreter instance.
> 
> References:
> Report on Bugtraq: http://seclists.org/bugtraq/2012/Jun/60
> Upstream PHP bug (including testcase) available at: https://bugs.php.net/bug.php?id=61755
> https://bugzilla.novell.com/show_bug.cgi?id=769785
> 
> Ciao, Marcus

Please use CVE-2012-3450 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

