USN-4723-1: PEAR vulnerability

🗓️ 08 Feb 2021 12:43:56Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 114 Views

PEAR vulnerability in Ubuntu 20.10, 20.04 LTS, 18.04 ESM, 16.04 ESM for php-pear packag

Reporter	Title	Published	Views	Family All 144
IBM Security Bulletins	Security Bulletin: IBM API Connect is impacted by a directory traversal vulnerability in Drupal core SA-CORE-2021-001 (CVE-2020-36193)	6 Apr 202121:28	–	ibm
ATTACKERKB	CVE-2021-32610	30 Jul 202100:00	–	attackerkb
ATTACKERKB	CVE-2020-36193	18 Jan 202100:00	–	attackerkb
Tenable Nessus	Amazon Linux 2 : php-pear (ALAS-2021-1602)	19 Feb 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php-pear (ALAS-2021-1708)	16 Sep 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php7-pear (ALAS-2021-1481)	18 Feb 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0161: php:7.4 (ALINUX3-SA-2022:0161)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0018: php:7.4 (ALINUX3-SA-2023:0018)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : php:7.4 (CESA-2022:6542)	15 Sep 202200:00	–	nessus
Tenable Nessus	CentOS 7 : php-pear (RHSA-2022:7340)	9 Oct 202400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	16.04	any	php-pear	1:1.10.1+submodules+notgz-6ubuntu0.3	php-pear_1:1.10.1+submodules+notgz-6ubuntu0.3_any.deb
Ubuntu	18.04	any	php-pear	1:1.10.5+submodules+notgz-1ubuntu1.18.04.3	php-pear_1:1.10.5+submodules+notgz-1ubuntu1.18.04.3_any.deb
Ubuntu	20.04	any	php-pear	1:1.10.9+submodules+notgz-1ubuntu0.20.04.2	php-pear_1:1.10.9+submodules+notgz-1ubuntu0.20.04.2_any.deb
Ubuntu	20.10	any	php-pear	1:1.10.9+submodules+notgz-1ubuntu0.20.10.2	php-pear_1:1.10.9+submodules+notgz-1ubuntu0.20.10.2_any.deb

08 Feb 2021 12:43Current

7.9High risk

Vulners AI Score7.9

CVSS 25

CVSS 3.17.5

EPSS0.71148

SSVC

ubuntu pear vulnerability symbolic links arbitrary code security issue