CVE-2017-11147

Priority
Medium
Description
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could
be used by attackers supplying malicious archive files to crash the PHP
interpreter or potentially disclose information due to a buffer over-read
in the phar_parse_pharfile function in ext/phar/phar.c.
Package
Source: php5 (LP Ubuntu Debian)
Upstream: released (5.6.30)
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.22)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE
Patches:
Upstream: https://github.com/php/php-src/commit/e5246580a85f031e1a3b8064edbaa55c1643a451
Package
Upstream: released (7.1.1)
Ubuntu 17.10 (Artful Aardvark): not-affected (7.1.6-2ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 17.04 (Zesty Zapus): DNE
Patches:
Upstream: https://github.com/php/php-src/commit/e5246580a85f031e1a3b8064edbaa55c1643a451
Upstream: https://github.com/php/php-src/commit/7f0de1a138a69beb7c537fd1ec84afbc91a45b19 (7.0 merge)
Upstream: https://github.com/php/php-src/commit/2075fb2b73c2d56c7acfb29773a2dc68b8d2f29d (7.1 merge)
Package
Upstream: released (7.0.15)
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.18-0ubuntu0.16.04.1)
Ubuntu 17.04 (Zesty Zapus): not-affected (7.0.18-0ubuntu0.17.04.1)
Patches:
Upstream: https://github.com/php/php-src/commit/e5246580a85f031e1a3b8064edbaa55c1643a451
Upstream: https://github.com/php/php-src/commit/7f0de1a138a69beb7c537fd1ec84afbc91a45b19 (7.0 merge)

Updated: 2017-08-11 23:24:35 UTC (commit 13081)