292 matches found
Ubuntu 18.04 LTS / 20.04 LTS : PEAR vulnerability (USN-5027-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5027-1 advisory. It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code...
Huawei EulerOS: Security Advisory for php-pear (EulerOS-SA-2021-1884)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : php-pear (EulerOS-SA-2021-1884)
According to the version of the php-pear package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issu...
Debian: Security Advisory (DSA-4894-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4894-1 : php-pear - security update
It was discovered that the PEAR ArchiveTar package for handling tar files in PHP is prone to a directory traversal flaw due to inadequate checking of symbolic links. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...
[SECURITY] [DSA 4894-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4894-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4894-1] php-pear security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4894-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2021 https://www.debian.org/security/faq -...
Debian: Security Advisory (DLA-2621-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2621-1 : php-pear security update
A vulnerability was discovered in php-pear, which provides core packages from the PHP Extension and Application Repository. Tar.php in ArchiveTar allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. An attacker could...
[SECURITY] [DLA 2621-1] php-pear security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2621-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler April 08, 2021 https://wiki.debian.org/LTS -...
Huawei EulerOS: Security Advisory for php-pear (EulerOS-SA-2021-1345)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : php-pear (EulerOS-SA-2021-1345)
According to the version of the php-pear package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...
Important: php-pear
Issue Overview: Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193 Affected Packages: php-pear Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
Amazon Linux 2 : php-pear (ALAS-2021-1602)
The version of php-pear installed on the remote host is prior to 1.10.12-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1602 advisory. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic...
Ubuntu: Security Advisory (USN-4723-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4723-1 php-pear vulnerability
It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code...
EulerOS 2.0 SP8 : php-pear (EulerOS-SA-2021-1164)
According to the versions of the php-pear package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.CVE-2020-28948 - ArchiveTar throug...
Updated php-pear packages fix a security vulnerability
The updated php-pear packages fix a security vulnerability in component Archivetar, a symlink out-of-path write vulnerability. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193...
MGASA-2021-0060 Updated php-pear packages fix a security vulnerability
The updated php-pear packages fix a security vulnerability in component Archivetar, a symlink out-of-path write vulnerability. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193...
Fedora: Security Advisory for php-pear (FEDORA-2021-02996612f6)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...