Mageia: Security Advisory (MGASA-2021-0393)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:3006-1 Security update for php74-pear

This update for php74-pear fixes the following issues: - CVE-2020-36193: Fixed ArchiveTar directory traversal due to inadequate checking of symbolic links bsc1189591...

SUSE-SU-2021:2926-1 Security update for php72

This update for php72 fixes the following issues: - CVE-2020-36193: Fixed ArchiveTar directory traversal due to inadequate checking of symbolic links bsc1189591...

CVE-2020-28948

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...

Arbitrary File Deletion

PEAR/ArchiveTar is vulnerable to arbitrary file deletion. The vulnerability exists when extracting a file with phar:// prefix, allowing unsafe unserialization of gadgets to cause arbitrary file deletion...

CVE-2018-1000888

CVE-2018-1000888 affects the PEAR Archive_Tar library (versions 1.4.3 and earlier). The vulnerability arises from unsafe file operations using $v_header['filename'] during extract, which can trigger phar:// based unserialization. This enables PHP object injection and can lead to destructor/wakeup...