CVE 2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Related bugs and status
CVE-2016-5399 (Candidate) is related to these bugs:
Bug #1315888: Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php | Unknown | Unknown | ||
| 1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php5 (Ubuntu Trusty) | High | Fix Released | ||
| 1315888 | Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist | php5 (Ubuntu) | High | Fix Released | ||
Bug #1594041: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu) | Undecided | Fix Released | ||
| 1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Wily) | Undecided | Fix Released | ||
| 1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Trusty) | Medium | Fix Released | ||
| 1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Yakkety) | Undecided | Fix Released | ||
| 1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Precise) | Medium | Fix Released | ||
| 1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php5 (Ubuntu Xenial) | Undecided | Fix Released | ||
| 1594041 | PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported | php | Unknown | Unknown | ||
Bug #1641211: Please merge php7.0 7.0.12-2 from Debian unstable
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1641211 | Please merge php7.0 7.0.12-2 from Debian unstable | php7.0 (Ubuntu) | Undecided | Fix Released | ||
Bug #1645431: [SRU] microrelease exception for src:php7.0 (7.0.13)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1645431 | [SRU] microrelease exception for src:php7.0 (7.0.13) | php7.0 (Ubuntu) | Medium | Fix Released | ||
| 1645431 | [SRU] microrelease exception for src:php7.0 (7.0.13) | php7.0 (Ubuntu Yakkety) | Medium | Fix Released | ||
| 1645431 | [SRU] microrelease exception for src:php7.0 (7.0.13) | php7.0 (Ubuntu Xenial) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
