Date: Fri, 17 Apr 2015 16:39:57 -0400 (EDT)
From: cve-assign@...re.org
To: emmanuel.law@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, security@....net
Subject: Re: [CVE Request] Multiple vulnerabilities in PHP's Phar handling

> There is a stack-based buffer overflow when opening tar, zip or phar
> archives through the Phar extension. An attacker can exploit this to run
> arbitrary code.
> Affected versions: PHP < 5.6.8RC1
> Bug Report: https://bugs.php.net/bug.php?id=69441
> Patch:
> http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c

Use CVE-2015-3329.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
