PublicDateAtUSN: 2010-05-07
Candidate: CVE-2010-1866
PublicDate: 2010-05-07 23:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1866
 http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html
 http://www.php.net/releases/5_3_3.php
 https://ubuntu.com/security/notices/USN-989-1
Description:
 The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked
 encoding stream, allows context-dependent attackers to cause a denial of
 service (crash) and possibly trigger memory corruption via a negative chunk
 size, which bypasses a signed comparison, related to an integer overflow in
 the chunk size decoder.
Ubuntu-Description:
Notes:
 mdeslaur> 5.3 only
 mdeslaur> This is MOPS-2010-003
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=298700
upstream_php5: released (5.3.3)
dapper_php5: not-affected (5.1.2-1ubuntu3.18)
hardy_php5: not-affected (5.2.4-2ubuntu5.10)
jaunty_php5: not-affected (5.2.6.dfsg.1-3ubuntu4.5)
karmic_php5: not-affected (5.2.10.dfsg.1-2ubuntu6.4)
lucid_php5: released (5.3.2-1ubuntu4.5)
devel_php5: not-affected (5.3.3-1ubuntu6)