Launchpad CVE tracker

CVE 2012-0788

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Related bugs and status

CVE-2012-0788 (Candidate) is related to these bugs:

Bug #910296: Please backport the upstream patch to prevent attacks based on hash collisions

		In	Importance	Status
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Lucid)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Oneiric)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Maverick)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Hardy)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Natty)	Medium	Fix Released
910296	Please backport the upstream patch to prevent attacks based on hash collisions	php5 (Ubuntu Precise)	Medium	Fix Released

Bug #925772: UPDATE REQUEST: php53u 5.3.10 is available upstream

Summary				In	Importance	Status
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		IUS Community Project	Undecided	Fix Released
	925772	UPDATE REQUEST: php53u 5.3.10 is available upstream		php5 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0788

References