php-pear-1.9.4-23.el7
Errata ID: AXSA:2022-4004:01
The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components.
Security Fix(es):
* Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948)
* Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)
* Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-28948
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVE-2020-28949
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
CVE-2020-36193
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
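The three conditions described above, as an added example that is not Archive_Tar's own code: a Python audit that builds a constructed in-memory tar archive carrying one entry per issue (an uppercase `PHAR://` name, a `file://` name, a symlink pointing out of the extraction directory, and a regular file written through that symlink) and reports which entries a hardened extractor should refuse. `vulnerable_filename_check` is a simplified stand-in for the pre-fix behaviour as the CVE text describes it (a prefix match on lowercase `phar://` only), not the library's actual code; the entry names, link targets and the "extraction root is the current directory" convention are assumptions for illustration.

```python
"""Audit tar entries for the three Archive_Tar issues in this errata.

Added example, not Archive_Tar code: the checks model the conditions the
CVE text describes (stream-wrapper names, symlink traversal), in Python so
they run without PHP. Sample archive contents are constructed.
"""
import io
import posixpath
import tarfile


def vulnerable_filename_check(name):
    """Stand-in for the pre-fix check as the errata describes it: only a
    lowercase 'phar://' prefix is rejected. Returns True when rejected.
    'PHAR://' (CVE-2020-28948) and 'file://' (CVE-2020-28949) pass."""
    return name.startswith("phar://")


def hardened_filename_check(name):
    """Reject stream-wrapper syntax anywhere in the name. A substring test
    on '://' is scheme- and case-independent by construction."""
    return "://" in name


def inside_root(path):
    """Lexically normalise an archive path; return it, or None if it would
    land outside the extraction directory (absolute, or climbing past it)."""
    norm = posixpath.normpath(path)
    if posixpath.isabs(norm) or norm == ".." or norm.startswith("../"):
        return None
    return norm


def resolve_through_links(path, links):
    """Rewrite `path` through the first earlier symlink that is a leading
    component of it, the way the extractor's write would follow it on disk.
    Only one hop is followed; a chain of links would need a loop here."""
    parts = path.split("/")
    for i in range(1, len(parts)):
        prefix = "/".join(parts[:i])
        if prefix in links:
            return posixpath.normpath(links[prefix] + "/" + "/".join(parts[i:]))
    return path


def audit(tar_bytes):
    """Return [(entry name, reason)] for every entry a safe extractor must
    refuse, processing entries in archive order as extraction would."""
    findings = []
    links = {}  # symlink name -> target relative to the extraction root
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for m in tf:
            name = m.name
            if hardened_filename_check(name):
                findings.append((name, "stream wrapper in filename"))
                continue
            norm = posixpath.normpath(name)
            if inside_root(norm) is None:
                findings.append((name, "path traversal"))
                continue
            if m.issym():
                # A relative link target is resolved from the link's own directory.
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(norm), m.linkname))
                links[norm] = target
                if inside_root(target) is None:
                    findings.append((name, "symlink target escapes root: " + target))
                continue
            real = resolve_through_links(norm, links)
            if inside_root(real) is None:
                findings.append((name, "write through symlink lands at: " + real))
    return findings


def build_malicious_tar():
    """Constructed sample: one benign file plus one entry per issue."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add_file(name, data=b"x"):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            tf.addfile(ti, io.BytesIO(data))
        add_file("docs/readme.txt")
        add_file("PHAR://evil.phar/x")    # CVE-2020-28948: uppercase scheme
        add_file("file:///tmp/owned")      # CVE-2020-28949: non-phar wrapper
        link = tarfile.TarInfo("pub")      # CVE-2020-36193: link out of root...
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tf.addfile(link)
        add_file("pub/shell.php")          # ...then a file written through it
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in audit(build_malicious_tar()):
        print(f"REJECT {entry!r}: {reason}")
```

Running the block prints one REJECT line per malicious entry and nothing for `docs/readme.txt`; note that the old prefix check rejects none of the four, which is exactly the gap the three CVEs describe.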
Update packages.
N/A
SRPMS
- php-pear-1.9.4-23.el7.src.rpm
MD5: a0f2efb24d0ca5ebf6ff1519f7caafee
SHA-256: e1f6dd283ebd03725bd39f66d1a8f23354dc1a73a1c046bfe9acdc9755f27807
Size: 390.00 kB
Asianux Server 7 for x86_64
- php-pear-1.9.4-23.el7.noarch.rpm
MD5: a5b1bfe9e2f08aa691a0614bb02d20c3
SHA-256: ca07185025815507ac7874f471936df18ce3f25659c3cab74e444c640015a8f7
Size: 360.06 kB