Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2554

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.

Related bugs and status

CVE-2016-2554 (Candidate) is related to these bugs:

Bug #1509817: libxml_disable_entity_loader is not theadsafe

Summary				In	Importance	Status
	1509817	libxml_disable_entity_loader is not theadsafe		php5 (Ubuntu)	Undecided	Fix Released
	1509817	libxml_disable_entity_loader is not theadsafe		php5 (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://php.net/ChangeL...
CONFIRM: http://php.net/ChangeL...
CONFIRM: https://bugs.php.net/b...
CONFIRM: https://h20566.www2.hp...
SUSE: SUSE-SU-2016:1145
SUSE: SUSE-SU-2016:1166
SUSE: openSUSE-SU-2016:1173
UBUNTU: USN-2952-1
UBUNTU: USN-2952-2
REDHAT: RHSA-2016:2750