Launchpad CVE tracker

CVE 2016-4539

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.

Related bugs and status

CVE-2016-4539 (Candidate) is related to these bugs:

Bug #1569128: php7.0-common provides incompatible php-gettext [16.04 Xenial]

		In	Importance	Status
1569128	php7.0-common provides incompatible php-gettext [16.04 Xenial]	phpmyadmin (Ubuntu)	Medium	Fix Released
1569128	php7.0-common provides incompatible php-gettext [16.04 Xenial]	phpMyAdmin	Unknown	Fix Released
1569128	php7.0-common provides incompatible php-gettext [16.04 Xenial]	php7.0 (Ubuntu)	Medium	Fix Released
1569128	php7.0-common provides incompatible php-gettext [16.04 Xenial]	php7.0 (Debian)	Unknown	Fix Released
1569128	php7.0-common provides incompatible php-gettext [16.04 Xenial]	php7.0 (Ubuntu Xenial)	Undecided	Fix Released

Bug #1595215: php7.0 dba extension missing

Summary				In	Importance	Status
	1595215	php7.0 dba extension missing		php7.0 (Ubuntu)	Undecided	Fix Released
	1595215	php7.0 dba extension missing		php7.0 (Ubuntu Xenial)	Undecided	Fix Released

Bug #1596578: zabbix issues with current php version

Summary				In	Importance	Status
	1596578	zabbix issues with current php version		php7.0 (Ubuntu)	Low	Fix Released
	1596578	zabbix issues with current php version		php7.0 (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-4539

References