An uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name "/ZIP" could cause a PHP application function to crash. Upstream bug: https://bugs.php.net/bug.php?id=70433 Upstream patch: https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
Fixed in all versions of Fedora: php-5.6.14-1.fc21 php-5.6.14-1.fc22 php-5.6.14-1.fc23 php-5.6.14-1.fc24
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:0457 https://rhn.redhat.com/errata/RHSA-2016-0457.html