Launchpad.net

CVE 2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

Related bugs and status

CVE-2006-3017 (Candidate) is related to these bugs:

Bug #53581: hoary: intermittent SIGSEGV from php pages after upgrade to 4.3.10-10ubuntu4.5

Summary				In	Importance	Status
	53581	hoary: intermittent SIGSEGV from php pages after upgrade to 4.3.10-10ubuntu4.5		php4 (Ubuntu)	High	Fix Released

Bug #56866: PHP 4.4.3 and 4.4.4 fix security bugs (CVE-2006-3016 , CVE-2006-3017)

Summary				In	Importance	Status
	56866	PHP 4.4.3 and 4.4.4 fix security bugs (CVE-2006-3016 , CVE-2006-3017)		php4 (Ubuntu)	High	Fix Released

Bug #65266: [UVF Exception] Sync php4 4.4.4 from Debian unstable

Summary				In	Importance	Status
	65266	[UVF Exception] Sync php4 4.4.4 from Debian unstable		php4 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.php.net/rel...
OSVDB: 25255
SECUNIA: 19927
SECTRACK: 1016306
SUSE: SUSE-SA:2006:031
SUSE: SUSE-SA:2006:034
SECUNIA: 21050
REDHAT: RHSA-2006:0568
REDHAT: RHSA-2006:0567
SGI: 20060701-01-U
SECUNIA: 21031
SECUNIA: 21135
SECUNIA: 21202
SECUNIA: 21252
MISC: http://www.hardened-ph...
SECTRACK: 1016649
REDHAT: RHSA-2006:0549
BID: 17843
CONFIRM: http://support.avaya.c...
SECUNIA: 21723
CONFIRM: https://issues.rpath.c...
SECUNIA: 22225
DEBIAN: DSA-1206
SECUNIA: 22713
TURBO: TLSA-2006-38
FULLDISC: 20060806 PHP: Zend_Has...
OSVDB: 26466
SECUNIA: 21125
MANDRIVA: MDKSA-2006:122
CONFIRM: http://cvs.php.net/vie...
CONFIRM: http://cvs.php.net/vie...
XF: php-zendhashdel-unspec...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-320-1
BUGTRAQ: 20060806 PHP: Zend_Has...
BUGTRAQ: 20061005 rPSA-2006-018...