Wind River Support Network

HomeDefectsLIN6-11376

Fixed

LIN6-11376 : Security Advisory - php - CVE-2016-4072

Created: May 31, 2016 Updated: Dec 3, 2018

Resolved Date: Jun 12, 2016

Found In Version: 6.0.0.29

Fix Version: 6.0.0.30

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4072

Other Downloads

Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38