An out-of-bounds heap read was found in phar_parse_zipfile() in PHP's phar extension: the uncompressed_filesize field of a zip entry is taken from the archive and used without checking that it is large enough for the data the parser then reads. Upstream bug: https://bugs.php.net/bug.php?id=72928 Upstream patch: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1 CVE assignment (CVE-2016-7414): http://seclists.org/oss-sec/2016/q3/518
Created php tracking bugs for this issue: Affects: fedora-all [bug 1377366]
Analysis: When a crafted phar archive in zip format is parsed by phar_parse_zipfile(), the entry.uncompressed_filesize value read from the attacker-controlled central directory is trusted without a lower-bound check. A value smaller than the fixed-size data the parser expects leads to an out-of-bounds heap read and a crash of the PHP process; the impact is a denial of service for any application that opens an untrusted phar archive. The fix adds the missing size check before the read.
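To illustrate the bug class, the block below is an added example, not code from php-src or from the upstream patch. It models a zip-entry size field driving a trailer read: a toy central-directory parser, the unchecked offset computation that wraps when the claimed size is smaller than the 8-byte phar signature trailer, and a hardened reader that bounds-checks the claimed size against both the trailer length and the bytes actually present. The header layout follows the ZIP central directory record and the trailer layout (signature bytes, 4-byte little-endian type, magic "GBMB") follows the phar format; the function names, the simplified check, and the sample bytes are constructed for this example and do not mirror the php-src code path line for line.

```c
/* Added example (not PHP's code): a toy ZIP central-directory reader that
 * trusts the entry's uncompressed size field the way the unpatched code
 * did, beside a hardened version that rejects sizes the trailer read
 * cannot handle. Function names and sample bytes are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDIR_SIG          0x02014b50u   /* ZIP central directory file header */
#define CDIR_HDR_LEN      46            /* fixed part before filename/extra/comment */
#define SIG_TRAILER_LEN   8             /* phar: 4-byte signature type + "GBMB" */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Constructed sample: what a well-formed .phar/signature.bin entry holds.
 * 20 placeholder bytes stand in for a SHA-1 digest (not a real signature),
 * followed by type 0x0002 (PHAR_SIG_SHA1) and the "GBMB" magic. */
static const uint8_t k_signature_entry[28] = {
    0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,
    0xbb,0xcc,0xdd,0xee,0xff,0x00,0x11,0x22,0x33,0x44,
    0x02,0x00,0x00,0x00, 'G','B','M','B'
};

/* Builds a constructed central-directory header whose uncompressed size
 * field (offset 24) is attacker-chosen; everything else is zeroed. */
static void make_cdir_header(uint32_t uncompressed_filesize, uint8_t out[CDIR_HDR_LEN]) {
    memset(out, 0, CDIR_HDR_LEN);
    put_le32(out, CDIR_SIG);
    put_le32(out + 24, uncompressed_filesize);
    out[28] = 19;  /* filename length (low byte): strlen(".phar/signature.bin") */
}

/* Reads the size field out of a central-directory header. Returns 0 on
 * success, -1 if the record is too short or the signature is wrong. */
static int parse_cdir_entry(const uint8_t *rec, size_t rec_len, uint32_t *uncompressed_filesize) {
    if (rec_len < CDIR_HDR_LEN || le32(rec) != CDIR_SIG) return -1;
    *uncompressed_filesize = le32(rec + 24);
    return 0;
}

/* Unpatched pattern: the trailer index is derived from the archive's own
 * size field with no lower bound. For a claimed size below 8 the
 * subtraction wraps, so a subsequent data[offset] read leaves the buffer.
 * Only the offset is computed here; nothing is dereferenced. */
static size_t trailer_offset_unchecked(uint32_t uncompressed_filesize) {
    return (size_t)uncompressed_filesize - SIG_TRAILER_LEN;
}

/* Hardened pattern: reject sizes smaller than the trailer and sizes larger
 * than the bytes actually available, then verify the magic before trusting
 * the type field. Returns 0 and sets *sig_type on success, -1 otherwise. */
static int read_signature_trailer(const uint8_t *data, size_t data_len,
                                  uint32_t claimed_size, uint32_t *sig_type) {
    if (claimed_size < SIG_TRAILER_LEN || claimed_size > data_len) return -1;
    const uint8_t *trailer = data + (claimed_size - SIG_TRAILER_LEN);
    if (memcmp(trailer + 4, "GBMB", 4) != 0) return -1;
    *sig_type = le32(trailer);
    return 0;
}

int main(void) {
    uint8_t hdr[CDIR_HDR_LEN];
    uint32_t size = 0, type = 0;

    make_cdir_header(4, hdr);                 /* malicious: claims only 4 bytes */
    parse_cdir_entry(hdr, sizeof hdr, &size);
    printf("claimed size %u -> unchecked trailer offset %zu (wrapped)\n",
           size, trailer_offset_unchecked(size));
    printf("hardened reader: %s\n",
           read_signature_trailer(k_signature_entry, sizeof k_signature_entry, size, &type) == 0
               ? "accepted" : "rejected");

    make_cdir_header((uint32_t)sizeof k_signature_entry, hdr);   /* well-formed: 28 bytes */
    parse_cdir_entry(hdr, sizeof hdr, &size);
    if (read_signature_trailer(k_signature_entry, sizeof k_signature_entry, size, &type) == 0)
        printf("hardened reader: accepted, signature type 0x%04x\n", type);
    return 0;
}
```

The upper bound in read_signature_trailer() matters as much as the lower one: a size field that is large enough for the trailer but larger than the entry's real data would move the read past the end of the buffer instead of before it, so a parser should check the claimed size against the bytes it actually holds, not only against the minimum it needs.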
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Via RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296