Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2225

Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

Related bugs and status

CVE-2010-2225 (Candidate) is related to these bugs:

Bug #564920: PHP5 under Apache2 on 64 bit system is not completely 64 bit

Summary				In	Importance	Status
	564920	PHP5 under Apache2 on 64 bit system is not completely 64 bit		php5 (Ubuntu)	Low	Fix Released
	564920	PHP5 under Apache2 on 64 bit system is not completely 64 bit		php5 (Ubuntu Lucid)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://pastebin.com/mX...
MISC: http://twitter.com/i0n...
MISC: http://twitter.com/i0n...
MISC: https://bugzilla.redha...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://lists.apple.com...
MISC: http://www.debian.org/...
MISC: http://marc.info/?l=bu...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://support.apple.c...
MISC: https://exchange.xforc...