CVE-2016-4473

NameCVE-2016-4473
Description/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-628-1
NVD severityhigh

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5sourcewheezy5.4.45-0+deb7u5DLA-628-1
php5sourcejessie5.6.23+dfsg-0+deb8u1
php5source(unstable)5.6.23+dfsg-1

Notes

The issue was introduced as part CVE-2015-6833, which was applied upstream
in versions 5.4.44, 5.5.28, and 5.6.12.
https://bugs.php.net/bug.php?id=72321
https://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84
Fixed in 5.6.23

Search for package or bug name: Reporting problems