Mandriva Linux Security Advisory 2010-045 – PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86602/MDVSA-2010-045.txt
Source: https://packetstormsecurity.com/files/86602/Mandriva-Linux-Security-Advisory-2010-045.html