
Advisories MDVSA-2011:004: php-phar


A vulnerability has been found and corrected in php-phar:

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function (CVE-2010-2094).

The updated packages have been upgraded to the latest version (2.0.0) and patched to correct this issue.
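The bug class named in the advisory, shown as an added example that is not code from PHP or from the Mandriva packages: a printf-style error logger receives a message derived from the URI as its format argument, next to the hardened call that passes it as data. The names `log_error`, `report_unsafe` and `report_safe`, the message text and the sample URI are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger such as
 * php_stream_wrapper_log_error(); this is not PHP's implementation. */
static int log_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Vulnerable pattern: the message built from the URI becomes the format
 * string, so every '%' the caller supplied is parsed as a conversion. */
int report_unsafe(char *out, size_t n, const char *uri)
{
    char msg[256];
    snprintf(msg, sizeof msg, "phar error: invalid url \"%s\"", uri);
    return log_error(out, n, msg);
}

/* Hardened pattern: constant format, URI-derived text passed as an
 * argument, so its bytes are copied and never interpreted. */
int report_safe(char *out, size_t n, const char *uri)
{
    char msg[256];
    snprintf(msg, sizeof msg, "phar error: invalid url \"%s\"", uri);
    return log_error(out, n, "%s", msg);
}

int main(void)
{
    /* Constructed input: "%%" is the one conversion that consumes no
     * argument, so the difference is visible without undefined behaviour. */
    const char *uri = "phar://a.phar/100%%";
    char a[256], b[256];
    report_unsafe(a, sizeof a, uri);
    report_safe(b, sizeof b, uri);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The unsafe path collapses `%%` to `%`, which shows the URI text is being parsed as a format; the safe path logs it byte for byte.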
