Advisories MDVSA-2011:004: php-phar


A vulnerability has been found and corrected in php-phar:

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function (CVE-2010-2094).

The updated packages have been upgraded to the latest version (2.0.0) and patched to correct this issue.

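The bug class named in the advisory, shown as an added illustration that is not PHP's source and not part of the advisory: an error message containing bytes from the URI is handed to a printf-style logger as the format, next to the hardened call that passes it as data. `log_error`, `build_error`, `report_unsafe`, `report_safe` and the sample URI are hypothetical names and constructed input; the sample uses only `%%` so the difference is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error logger such as
 * php_stream_wrapper_log_error(); this is not PHP's implementation. */
static int log_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Build an error message that embeds the caller-supplied URI. */
static void build_error(char *msg, size_t msglen, const char *uri)
{
    snprintf(msg, msglen, "phar error: invalid url \"%s\"", uri);
}

/* Vulnerable pattern: the message, which contains URI bytes, is used
 * as the format string, so any '%' sequence in the URI is interpreted. */
int report_unsafe(char *out, size_t outlen, const char *uri)
{
    char msg[256];
    build_error(msg, sizeof msg, uri);
    return log_error(out, outlen, msg);
}

/* Hardened pattern: constant format, message passed as an argument. */
int report_safe(char *out, size_t outlen, const char *uri)
{
    char msg[256];
    build_error(msg, sizeof msg, uri);
    return log_error(out, outlen, "%s", msg);
}

int main(void)
{
    char a[256], b[256];
    const char *uri = "phar://a%%b.phar";   /* constructed sample input */
    report_unsafe(a, sizeof a, uri);         /* "%%" collapses to "%"  */
    report_safe(b, sizeof b, uri);           /* URI is logged verbatim */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

Declaring such a logger with the GCC/Clang `format(printf, ...)` attribute and building with `-Wformat -Wformat-security` makes the compiler flag calls of the first form.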
