REDHAT-BUG-688735
First published: Thu Mar 17 2011(Updated: )
It was reported that ZipArchive() would segfault when opening an empty archive with the FL_UNCHANGED flag set [1]. This is corrected in upstream PHP 5.3.6 [2],[3]. [1] <a href="http://bugs.php.net/bug.php?id=53885">http://bugs.php.net/bug.php?id=53885</a> [2] <a href="http://www.php.net/ChangeLog-5.php#5.3.6">http://www.php.net/ChangeLog-5.php#5.3.6</a> [3] <a href="http://svn.php.net/viewvc/?view=revision&amp;revision=307867">http://svn.php.net/viewvc/?view=revision&amp;revision=307867</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | <5.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.php.net/bug.php?id=53885
- http://www.php.net/ChangeLog-5.php#5.3.6
- http://svn.php.net/viewvc/?view=revision&revision=307867
- http://php.net/manual/en/function.ziparchive-getnameindex.php
- http://php.net/manual/en/function.ziparchive-locatename.php
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=688940
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=688941
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=688942
- http://securityreason.com/achievement_securityalert/96
- http://www.nih.at/libzip/NEWS.html
- https://bugzilla.redhat.com/show_bug.cgi?id=688735
Frequently Asked Questions
Can REDHAT-BUG-688735 lead to data loss?
While REDHAT-BUG-688735 primarily causes crashes, it could potentially lead to data loss if the application does not handle crashes gracefully.
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0421
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/php
- canonical/php