PublicDateAtUSN: 2012-01-20
Candidate: CVE-2012-0788
PublicDate: 2012-02-14 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0788
 http://openwall.com/lists/oss-security/2012/01/20/3
 https://ubuntu.com/security/notices/USN-1358-1
Description:
 The PDORow implementation in PHP before 5.3.9 does not properly interact
 with the session feature, which allows remote attackers to cause a denial
 of service (application crash) via a crafted application that uses a PDO
 driver for a fetch and then calls the session_start function, as
 demonstrated by a crash of the Apache HTTP Server.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.php.net/bug.php?id=55776
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_php5:
 upstream: http://svn.php.net/viewvc?view=revision&revision=317272
upstream_php5: released (5.3.9)
hardy_php5: released (5.2.4-2ubuntu5.22)
lucid_php5: released (5.3.2-1ubuntu4.13)
maverick_php5: released (5.3.3-1ubuntu9.9)
natty_php5: released (5.3.5-1ubuntu7.6)
oneiric_php5: released (5.3.6-13ubuntu3.5)
devel_php5: not-affected (5.3.10-1ubuntu1)