CVE-2012-0788
Published: 20 January 2012
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.3.9)
|
hardy |
Released
(5.2.4-2ubuntu5.22)
|
|
lucid |
Released
(5.3.2-1ubuntu4.13)
|
|
maverick |
Released
(5.3.3-1ubuntu9.9)
|
|
natty |
Released
(5.3.5-1ubuntu7.6)
|
|
oneiric |
Released
(5.3.6-13ubuntu3.5)
|
|
Patches: upstream: http://svn.php.net/viewvc?view=revision&revision=317272 |