Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-7803

Published: 12 October 2015

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian 		precise
Released (5.3.10-1ubuntu3.21)
trusty
Released (5.5.9+dfsg-1ubuntu4.14)
upstream
Released (5.5.30,5.6.14)
vivid
Released (5.6.4+dfsg-4ubuntu6.4)
wily
Released (5.6.11+dfsg-1ubuntu3.1)
Patches:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244
upstream: http://git.php.net/?p=php-src.git;a=commit;h=f98ab19dc0c978e3caaa2614579e4a61f2c317f5

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading