Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-1153

Published: 16 March 2011

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.

Notes

AuthorNote
mdeslaur
reproducer in RH bug
sbeattie
php 5.2 does not include phar code

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
upstream Needs triage

dapper Not vulnerable

hardy Not vulnerable

karmic Not vulnerable

lucid
Released (5.3.2-1ubuntu4.8)
maverick
Released (5.3.3-1ubuntu9.4)
natty
Released (5.3.5-1ubuntu7.1)
Patches:
upstream: http://svn.php.net/viewvc?view=revision&revision=309221