Mandriva Linux Security Advisory 2011-004 - Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush, phar_parse_url, or phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. The updated packages have been upgraded to the latest version and patched to correct this issue.
cc0b39fb95de35b1449b811335b5e9616ac2bf267eaceb0d0502416b54b87310