Launchpad.net

CVE 2016-6294

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

Related bugs and status

CVE-2016-6294 (Candidate) is related to these bugs:

Bug #1315888: Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist

		In	Importance	Status
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php	Unknown	Unknown
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php5 (Ubuntu Trusty)	High	Fix Released
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php5 (Ubuntu)	High	Fix Released

Bug #1594041: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported

		In	Importance	Status
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Wily)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Trusty)	Medium	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Yakkety)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Precise)	Medium	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Xenial)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php	Unknown	Unknown

Bug #1641211: Please merge php7.0 7.0.12-2 from Debian unstable

Summary				In	Importance	Status
	1641211	Please merge php7.0 7.0.12-2 from Debian unstable		php7.0 (Ubuntu)	Undecided	Fix Released

Bug #1645431: [SRU] microrelease exception for src:php7.0 (7.0.13)

		In	Importance	Status
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Yakkety)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-6294

Related bugs and status

Related bugs

References