*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):

According to CVE-2011-4885:

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVE link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885

upstream php changes:
http://svn.php.net/viewvc?view=revision&revision=321003

** Affects: php5 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: php5 (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: php5 (Ubuntu Maverick)
     Importance: Undecided
         Status: New

** Affects: php5 (Ubuntu Natty)
     Importance: Undecided
         Status: New

** Affects: php5 (Ubuntu Oneiric)
     Importance: Undecided
         Status: New

** Affects: php5 (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: php5 (Ubuntu Hardy)
     Importance: Undecided
         Status: New

--
Please backport the upstream patch to prevent attacks based on hash collisions
https://bugs.launchpad.net/bugs/910296
