Several format string flaws were found in PHP's Phar extension  that could be used to leak some parts of memory via error messages. These have been corrected in upstream svn . The Phar extension is part of PHP since 5.3.0.
This is demonstrated with the following:
$x = new PharData('a.php');
% php phar.php
PHP Fatal error: Uncaught exception 'PharException' with message 'unable to open phar for reading "00000000.00000008.00000000.bffb3624.081ef712"' in /tmp/tests/phar.php:4
#0 /tmp/tests/phar.php(4): PharData::loadPhar('%08x.%08x.%08x....')
thrown in /tmp/tests/phar.php on line 4
I'm not very familiar with these phar archives, but I suspect these would not be something a user could just upload (or a normal site would allow to be uploaded and then loaded), so I believe this flaw is probably more of a local flaw, than a remote flaw.
Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data as a PHAR archive file name to load. The file name passed to the PHAR-handling functions is therefore under the full control of the script author and no trust boundary is crossed.