A vulnerability in Phar was found, allowing files extracted from an archive to be placed outside of the destination directory.

Upstream patch: https://git.php.net/?p=php-src.git;a=commit;h=dda81f0505217a95db065e6bf9cc2d81eb902417

Upstream bug: https://bugs.php.net/bug.php?id=70019

CVE assignment: http://www.openwall.com/lists/oss-security/2015/09/08/7

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2016:0457 https://rhn.redhat.com/errata/RHSA-2016-0457.html
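
An added example, not part of the original report and not PHP's upstream fix: a lexical containment check that code unpacking untrusted archives can apply to each entry name before anything is written (for instance before calling Phar::extractTo). The function name `resolveEntry`, the destination `/srv/unpack` and the sample entry names are assumptions constructed for illustration.

```php
<?php
// Added example: names and paths here are hypothetical, not from php-src.

/**
 * Resolve an archive entry name against a destination directory without
 * touching the filesystem. Returns the target path, or null when the
 * entry would land outside (or exactly on) the destination directory.
 */
function resolveEntry(string $destDir, string $entryName): ?string
{
    // Treat backslashes as separators so "..\x" is handled like "../x".
    $name = str_replace('\\', '/', $entryName);

    // Reject empty names, NUL bytes, absolute paths and drive prefixes.
    if ($name === ''
        || strpos($name, "\0") !== false
        || $name[0] === '/'
        || preg_match('/^[A-Za-z]:/', $name) === 1) {
        return null;
    }

    $parts = [];
    foreach (explode('/', $name) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                  // redundant separator or "."
        }
        if ($segment === '..') {
            if (count($parts) === 0) {
                return null;           // would climb above the destination
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    if (count($parts) === 0) {
        return null;                   // resolves to the destination itself
    }
    return rtrim($destDir, '/') . '/' . implode('/', $parts);
}

// Constructed entry names standing in for an untrusted archive listing.
$samples = ['docs/readme.txt', 'a/../b.txt', '../outside.txt',
            'a/../../outside.txt', '/abs/path.txt', 'C:\\temp\\x', "ok\0.txt"];
foreach ($samples as $s) {
    $target = resolveEntry('/srv/unpack', $s);
    printf("%-24s => %s\n", json_encode($s), $target ?? 'REJECTED');
}
```

The check is purely lexical: it does not follow symlinks already present under the destination, so extraction into a fresh, empty directory is assumed.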