MiracleLinux 4 : php-pear-1.9.4-4.AXS4 (AXSA:2012-73:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-73:01 advisory. PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Security issues fixed with this...

EUVD-2011-1158

Malware in sbrugna...

Oracle Linux 6 : php-pear (ELSA-2011-1741)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2011-1741 advisory. 1.9.4-4 - fix patch application for 747361 1.9.4-3 - ignore REST cache creation failures as non-root user 747361 1.9.4-2 - fix XML-Util provides 1.9.4-1 - updat...

SUSE CVE-2011-1144

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...

Scientific Linux Security Update : php-pear on SL6.x

The php-pear package contains the PHP Extension and Application Repository PEAR, a framework and distribution system for reusable PHP components. It was found that the 'pear' command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw t...

RedHat Update for php-pear RHSA-2011:1741-03

Check for the Version of php-pear OpenVAS Vulnerability Test RedHat Update for php-pear RHSA-2011:1741-03 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

RedHat Update for php-pear RHSA-2011:1741-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Debian Security Advisory DSA 2408-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 2408-1. OpenVAS Vulnerability Test $Id: deb24081.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2408-1 php5 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Mandriva Update for php-pear MDVSA-2011:187 (php-pear)

Check for the Version of php-pear OpenVAS Vulnerability Test Mandriva Update for php-pear MDVSA-2011:187 php-pear Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Mandriva Linux Security Advisory : php-pear (MDVSA-2011:187)

A vulnerability has been discovered and corrected in php-pear : The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different...

RHEL 6 : php-pear (RHSA-2011:1741)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2011:1741 advisory. The php-pear package contains the PHP Extension and Application Repository PEAR, a framework and distribution system for reusable PHP components. It...

Low: Red Hat Security Advisory: php-pear security and bug fix update

An updated php-pear package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 vulnerabilities (USN-1126-1)

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. CVE-2011-0441 Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 / 11.04 : php5 regressions (USN-1126-2)

USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS. The fixes for CVE-2011-1072 and CVE-2011-11...

USN-1126-2: PHP Regressions

USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS. The fixes for CVE-2011-1072 and CVE-2011-11...

CVE-2011-1072

The connected Nessus/NASL entries confirm CVE-2011-1072 affects the PEAR installer prior to 1.9.2, enabling local users to overwrite arbitrary files via a symlink on package.xml, related to download_dir, cache_dir, tmp_dir, and pear-build-download directories. The MiracleLinux advisory references...

CVE-2011-1072

The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...

CVE-2011-1144

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...